mailing list archives
Re: Multiple IP on the same server howo to idenfity
From: Frank Knobbe <frank () knobbe us>
Date: Thu, 10 Jun 2004 16:28:39 -0500
On Thu, 2004-06-10 at 05:12, NetExpress wrote:
Hi, the problem is, if I am doing a penetration test from internte to
many servers, probably there should be some IP ont the same server o
network adapter like load balancer.
In a report, and to avoid false positive, should be usefull to identify
which IPs are on the same server, but how?
If you can observe response packets from the servers (responses to UDP
or ICMP requests, or simple TCP requests such as telnetting to an open
port), then you can fingerprint the IP stack by hand. Examine TTL, IP ID
and Window size. Most systems don't randomize the IP ID, so you can
easily distinguish between different servers by watching the IP ID.
Remember, tcpdump is your friend :)
Description: This is a digitally signed message part