Penetration Testing mailing list archives

Re: Testing load balanced servers behind NAT


From: Bill Pennington <billp () boarder org>
Date: Thu, 06 Sep 2001 14:46:47 -0700

Andrew Koh wrote:

> How would I test each server in the pool?

Just take all the other servers out of the pool, test, remove that
server, put in another one, test, etc.


> Also, is there any other documentation on identifying hosts behind
> proxy/NAT (like FW-1), their internal IP and getting to other internal
> machines which are not directly accessible from outside?



I find OS fingerprinting to not be very useful in most cases. Webservers
generally give out the OS they are running on.

> On getting internal IP:
> Besides misconfigured DNS and snmp, are there any other ways to find out
> internal host IP?


302 redirects will give up internal names/IP addresses. FW-1 (unless you
have really messed up the config) should stop spoofing attempts cold.

> On routing to internal machines:
> The only way I can think of is bouncing off other internal hosts which are
> accessible to the Internet. How does source routing work, as there are many
> routers out there which filter them?


Again FW-1 "should" stop this cold.


> Any thoughts?


Think higher layers of the OSI model. Most likely there are flaws in the
webserver or web application, if the firewall is passing this traffic
there is not much it can do to protect you.



-- 


Bill Pennington - CISSP
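A check for the 302 leak Bill mentions, written as an added example for this archive page (it is not code from the thread or from either poster): it parses constructed HTTP redirect responses and flags any Location header whose host is an RFC 1918 address or is not one of the public names the service is supposed to answer to. The sample responses, the `10.0.1.12` address, the `corp.internal` name and the `public_hosts` list are all constructed for the example.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample responses: the kind of 302 a web server or load
# balancer emits when it builds the redirect from its own internal view
# of the host instead of the public name the client actually used.
SAMPLE_RESPONSES = [
    "HTTP/1.1 302 Found\r\nLocation: http://10.0.1.12/login\r\n\r\n",
    "HTTP/1.1 302 Found\r\nLocation: http://web03.corp.internal/login\r\n\r\n",
    "HTTP/1.1 302 Found\r\nLocation: https://www.example.com/login\r\n\r\n",
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
]

def location_header(raw_response: str):
    """Return the Location header value of a raw HTTP response, or None."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "location":
            return value.strip()
    return None

def leaks_internal_host(location: str, public_hosts) -> bool:
    """True if the redirect target names a private IP or a host that is not
    in public_hosts (a set of lower-cased public hostnames)."""
    host = urlsplit(location).hostname
    if host is None:
        return False                             # relative redirect: no host to leak
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:                           # not an IP literal, so a hostname
        return host.lower() not in public_hosts

def find_leaking_redirects(responses, public_hosts):
    """Return the Location values that expose an internal address or name."""
    public = {h.lower() for h in public_hosts}
    leaks = []
    for raw in responses:
        loc = location_header(raw)
        if loc is not None and leaks_internal_host(loc, public):
            leaks.append(loc)
    return leaks

if __name__ == "__main__":
    for loc in find_leaking_redirects(SAMPLE_RESPONSES, ["www.example.com"]):
        print("internal host exposed in redirect:", loc)
```

Run it against the redirects your own load-balanced pool returns (one member in the pool at a time, as suggested above) to see whether any member answers with its internal name or address.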

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
