Security Basics mailing list archives
RE: discovering a service behind a nated network
From: "CHRIS GRABENSTEIN" <CGRABENSTEIN () lfcc edu>
Date: Tue, 7 Sep 2004 16:10:46 -0400
If the company has not restricted IP Options and ICMP, I believe you could use loose source routing to do a tracert and take note of where the failures start (e.g. at the NAT server or beyond). Just specify the NAT server in the route. I would hope the firewall guys had restricted IP Options though. Take a look at http://support.microsoft.com/default.aspx?scid=kb;en-us;q169206 -----Original Message----- From: linux user [mailto:linuxteam () gmail com] Sent: Saturday, September 04, 2004 8:55 AM To: security-basics () securityfocus com Subject: discovering a service behind a nated network Hiya All, I would like to discover if a service that is behind a NATed network is still working, for example if a web server is in a private network, Nated behind a gateway, how could i from an external network check if the server is down/ or there are network problems between the server and the gateway? is there a way to use a tool such as traceroute for NATed/Firewalled network from an external link? The reason i am asking this is because i have been asked that question on a job interview, and i did not know what the correct answer was, it was related to a web cluster farm then. another reason is howto troubleshoot a service that has been port forwarded from the gateway, the port forwarding works for other services, but this specific service is not reachable, and you can not tell whether the NATed box was down, or the route was down, or what, you could debate that you can use ssh to the gateway server, but then that is run by a different dept. and you have no access to that. sorry if my English langauge is a bit rusty TIA Anst --------------------------------------------------------------------------- Computer Forensics Training at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse so that it never happens again. http://www.infosecinstitute.com/courses/computer_forensics_training.html ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Computer Forensics Training at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse so that it never happens again. http://www.infosecinstitute.com/courses/computer_forensics_training.html ----------------------------------------------------------------------------
Current thread:
- discovering a service behind a nated network linux user (Sep 07)
- Re: discovering a service behind a nated network P. Deelman (Sep 09)
- <Possible follow-ups>
- RE: discovering a service behind a nated network Jason Workman (Sep 09)
- RE: discovering a service behind a nated network Mike (Sep 09)
- discovering a service behind a nated network Hayden Searle (Sep 10)
- discovering a service behind a nated network Hayden Searle (Sep 10)
- Re: discovering a service behind a nated network Tim Hanekamp (Sep 20)
- RE: discovering a service behind a nated network CHRIS GRABENSTEIN (Sep 10)