Hi Bob,

A lot of times misconfigured web servers return a "Content-Location" header 
which displays an internal IP.

Another good way is using things like epmapper, or BindView's rpctools, or 
AtStake's dcetest to query a (Win32) DCE epmapper.

Sometimes, you find things when looking through the HTML code, comments, 
maybe even some code to speak to any back-end servers.

Then there is trying to talk SNMP to the NAT device, which may even return 
the exact mappings if you're lucky! :)

Other techniques may involve firewalking depending on how the victim border 
routers/firewalls are configured.

And something that just popped into my head is getting an HTTP server to 
return an error. A lot of times the errors are overly verbose, giving up an IP.



HTH,

Chris.


At 12:02 PM 21/01/2002 -0500, R P G wrote:

>I was wondering if anyone knows of a method to test a NAT system for
>address space leakage.


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
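
To check your own servers for the leaks mentioned in the reply above (Content-Location headers, HTML comments, verbose error pages), captured responses can be scanned for RFC 1918 addresses. This is an added example, not part of the original post; the function names and sample responses are constructed for illustration.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
COMMENT_RE = re.compile(r"<!--(.*?)-->", re.DOTALL)

# Constructed sample responses (not captured from any real server).
SAMPLE_OK = ("HTTP/1.1 200 OK\r\nServer: example\r\n"
             "Content-Location: http://10.1.2.3/Default.htm\r\n"
             "Content-Type: text/html\r\n\r\n"
             "<html><!-- backend db at 192.168.10.5 -->"
             "<body>Welcome, build 1.2.3.4</body></html>")
SAMPLE_ERROR = ("HTTP/1.1 500 Internal Server Error\r\n"
                "Content-Type: text/plain\r\n\r\n"
                "Connection to 172.16.4.20:1433 failed (driver 3.51.06.00)")


def private_ips(text):
    """Return RFC 1918 addresses found in text, in order, de-duplicated."""
    found = []
    for candidate in IPV4_RE.findall(text):
        try:
            addr = ipaddress.ip_address(candidate)
        except ValueError:  # out-of-range octets, version strings, etc.
            continue
        if any(addr in net for net in RFC1918) and candidate not in found:
            found.append(candidate)
    return found


def audit_response(raw):
    """Return (location, ip) pairs for each private address a response leaks."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    findings = []
    for line in lines[1:]:  # every header, not only Content-Location
        name, _, value = line.partition(":")
        findings += [("header:" + name.strip(), ip) for ip in private_ips(value)]
    for comment in COMMENT_RE.findall(body):
        findings += [("html-comment", ip) for ip in private_ips(comment)]
    visible = COMMENT_RE.sub("", body)  # body text outside comments
    where = "error-body" if status >= 400 else "body"
    findings += [(where, ip) for ip in private_ips(visible)]
    return findings
```
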
