RE: discovering a service behind a nated network
From: CHRIS GRABENSTEIN (CGRABENSTEIN_at_lfcc.edu)
Date: 09/07/04
- Previous message: Hayden Searle: "discovering a service behind a nated network"
- Maybe in reply to: Hayden Searle: "discovering a service behind a nated network"
- Next in thread: Tim Hanekamp: "Re: discovering a service behind a nated network"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 7 Sep 2004 16:10:46 -0400 To: "linux user" <linuxteam@gmail.com>, <security-basics@securityfocus.com>
If the company has not restricted IP Options and ICMP, I believe you could
use loose source routing to do a tracert and take note of where the failures
start (e.g. at the NAT server or beyond). Just specify the NAT server in the
route. I would hope the firewall guys had restricted IP Options though.
Take a look at
http://support.microsoft.com/default.aspx?scid=kb;en-us;q169206
-----Original Message-----
From: linux user [mailto:linuxteam@gmail.com]
Sent: Saturday, September 04, 2004 8:55 AM
To: security-basics@securityfocus.com
Subject: discovering a service behind a nated network
Hiya All,
I would like to discover if a service that is behind a NATed network is still
working, for example if a web server is in a private network, Nated behind a
gateway, how could i from an external network check if the server is down/ or
there are network problems between the server and the gateway? is there a way
to use a tool such as traceroute for NATed/Firewalled network from an
external link?
The reason i am asking this is because i have been asked that question on a
job interview, and i did not know what the correct answer was, it was
related to a web cluster farm then.
another reason is howto troubleshoot a service that has been port forwarded
from the gateway, the port forwarding works for other services, but this
specific service is not reachable, and you can not tell whether the NATed box
was down, or the route was down, or what, you could debate that you can use
ssh to the gateway server, but then that is run by a different dept. and you
have no access to that.
sorry if my English langauge is a bit rusty
TIA
Anst
---------------------------------------------------------------------------
Computer Forensics Training at the InfoSec Institute. All of our class sizes
are guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Gain the in-demand skills of a certified
computer examiner, learn to recover trace data left behind by fraud, theft,
and cybercrime perpetrators. Discover the source of computer crime and abuse
so that it never happens again.
http://www.infosecinstitute.com/courses/computer_forensics_training.html
----------------------------------------------------------------------------
---------------------------------------------------------------------------
Computer Forensics Training at the InfoSec Institute. All of our class sizes
are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand skills of
a certified computer examiner, learn to recover trace data left behind by
fraud, theft, and cybercrime perpetrators. Discover the source of computer
crime and abuse so that it never happens again.
http://www.infosecinstitute.com/courses/computer_forensics_training.html
----------------------------------------------------------------------------
- Previous message: Hayden Searle: "discovering a service behind a nated network"
- Maybe in reply to: Hayden Searle: "discovering a service behind a nated network"
- Next in thread: Tim Hanekamp: "Re: discovering a service behind a nated network"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
