Hi, this is just an idea , i havent had time to actually test it, so... I would try using IP fragmentation or TCP reassembly tricks with protocols that require payload rewriting at the NAT device. An example of this would be FTP control messages. It proved usefull to open holes thru packet filtering firewalls with stateful inspection so it might as well work for obtaining internal adresses.
Pointers to related stuff: http://www.securityfocus.com/bid/1045 Cool stuff presented by Tomas Lopatic,John MacDonald and Dug Song at BlackHat Briefings LV 2000: http://www.blackhat.com/presentations/bh-usa-00/Song-McDonald-Lopatic/Song_M cDonald_lopatic.ppt FW-1 http://www.securityfocus.com/bid/1054 PIX http://www.securityfocus.com/bid/1877 http://www.securityfocus.com/bid/1698 then again a simple email would be equally usefull -ivan --- "Understanding. A cerebral secretion that enables one having it to know a house from a horse by the roof on the house, Its nature and laws have been exhaustively expounded by Locke, who rode a house, and Kant, who lived in a horse." - Ambrose Bierce Ivan Arce CTO CORE SECURITY TECHNOLOGIES 44 Wall Street - New York, NY 10005 Ph: (212) 461-2345 Fax: (212) 461-2346 http://www.corest.com PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836 B25D 207B E78E 2AD1 F65A ----- Original Message ----- From: R P G <[EMAIL PROTECTED]> Newsgroups: core.lists.pentest To: <[EMAIL PROTECTED]> Sent: Monday, January 21, 2002 2:02 PM Subject: testing for IP address space leakage in NAT systems > I was wondering if anyone knows of a method to test a NAT system for > address space leakage. > > Thanks. > > --Bob > > > > -------------------------------------------------------------------------- -- > This list is provided by the SecurityFocus Security Intelligence Alert (SIA) > Service. For more information on SecurityFocus' SIA service which > automatically alerts you to the latest security vulnerabilities please see: > https://alerts.securityfocus.com/ > --- for a personal reply use: =?iso-8859-1?Q?Iv=E1n_Arce?= <[EMAIL PROTECTED]> ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
