Not reliable, but if there are any accessible web servers behind the NAT device, check the Content-Location tag. It may yield non-routable address information.
Statistically, not a good bet - but still, a better than 1 in 20 chance, if the server is IIS, that you will get non-routable addressing information out of it, and that the server is giving this information to everyone who connects to it. (See http://www.securityspace.com/s_survey/data/man.200112/firewalled_cloc.html for stats breakdown) Thomas R P G wrote: > > I was wondering if anyone knows of a method to test a NAT system for > address space leakage. > > Thanks. > > --Bob > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus Security Intelligence Alert (SIA) > Service. For more information on SecurityFocus' SIA service which > automatically alerts you to the latest security vulnerabilities please see: > https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
