Penetration Testing mailing list archives
RE: Multiple IP on the same server howo to idenfity
From: "Amin Tora" <atora () EPLUS com>
Date: Thu, 10 Jun 2004 17:14:58 -0400
One idea: Look at the default settings in the IP/TCP/UDP/ICMP headers ... coming from the box... If it is all the same it _COULD_ be the same box performing NAT/PAT or using virtual machines... If the packets are dissimilar then it _COULD_ be different boxes... Again, note "_COULD_".

But all this is again "guessing"... The other thing to do is to call up the contact at the customer and ask up front, or social engineering... <grin>

Amin Tora, CISSP, CHSP
Security Consultant
ePlus Technology Inc.
13595 Dulles Technology Drive
Herndon, VA 20171
office: 703-793-1330
cell: 703-675-0738
web: http://www.eplustechnology.com
email: atora-at-eplus.com

-----Original Message-----
From: NetExpress [mailto:NetExpress () infogroup it]
Sent: Thursday, June 10, 2004 6:13 AM
To: pen-test () securityfocus org
Subject: Multiple IP on the same server howo to idenfity

Hi,

the problem is, if I am doing a penetration test from the Internet to many servers, probably there should be some IPs on the same server or network adapter, like a load balancer. In a report, and to avoid false positives, it should be useful to identify which IPs are on the same server, but how? If I were in the internal network I am testing, I'd use arp to find the MAC address of each IP and I would have solved it, but from the Internet I cannot use arp.

From the Internet I could use the banner, but this is not sure: I could have more than one application server on the same server, with n IPs on application server A and m IPs on application server B, so getting the banner should not be the right choice, especially with a proxy. Any idea?

Thanks
Alessandro Fiorenzi
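The header comparison suggested in the reply above, as an added example that is not part of either post: it reads the stack defaults (initial TTL, DF bit, window size, TCP option order, MSS) from raw SYN-ACK packets and groups source IPs whose values match. The packets, addresses and helper names are constructed for illustration; a shared signature still only means the IPs _could_ be one box, since identical OS builds or a device terminating TCP in front of several hosts produce the same result.

```python
import struct
from collections import defaultdict

def signature(pkt):
    """Return (source IP, tuple of header defaults) for a raw IPv4+TCP packet."""
    ihl = (pkt[0] & 0x0F) * 4
    df = bool(struct.unpack("!H", pkt[6:8])[0] & 0x4000)    # Don't Fragment bit
    ttl0 = next(v for v in (32, 64, 128, 255) if pkt[8] <= v)  # likely initial TTL
    src = ".".join(str(b) for b in pkt[12:16])
    tcp = pkt[ihl:]
    window = struct.unpack("!H", tcp[14:16])[0]
    opts = tcp[20:(tcp[12] >> 4) * 4]
    kinds, mss, i = [], None, 0
    while i < len(opts) and opts[i] != 0:                   # 0 = end of option list
        kind = opts[i]
        kinds.append(kind)
        if kind == 1:                                       # NOP has no length byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:           # malformed: stop parsing
            break
        if kind == 2 and opts[i + 1] == 4 and i + 4 <= len(opts):
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += opts[i + 1]
    return src, (ttl0, df, window, tuple(kinds), mss)

def group_by_signature(packets):
    """Map each header signature to the sorted list of IPs that sent it."""
    groups = defaultdict(set)
    for pkt in packets:
        src, sig = signature(pkt)
        groups[sig].add(src)
    return {sig: sorted(ips) for sig, ips in groups.items()}

def build(src, ttl, df, window, opts):
    """Constructed sample SYN-ACK for the demo; checksums are left at zero."""
    opts += b"\x00" * (-len(opts) % 4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(opts), 0, 0x4000 if df else 0,
                     ttl, 6, 0, bytes(map(int, src.split("."))), bytes([192, 0, 2, 1]))
    tcp = struct.pack("!HHIIBBHHH", 80, 40000, 1, 2, (5 + len(opts) // 4) << 4,
                      0x12, window, 0, 0)
    return ip + tcp + opts

A = b"\x02\x04\x05\xb4\x04\x02\x08\x0a" + bytes(8) + b"\x01\x03\x03\x07"  # MSS,SACK,TS,NOP,WS
B = b"\x02\x04\x05\xb4\x01\x03\x03\x08\x01\x01\x04\x02"                    # MSS,NOP,WS,NOP,NOP,SACK
SAMPLE = [build("198.51.100.10", 52, True, 29200, A),   # constructed observations
          build("198.51.100.11", 52, True, 29200, A),
          build("198.51.100.20", 113, True, 8192, B)]

print(group_by_signature(SAMPLE))
```
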