B> Is it a load balancing firewall / firewall in failover
B> mode or Cisco PIX is generating a randor IPID?
Probably yes, check also
- ISN changes
- Window size
- TTL changes (open ports..may indicate NAT/LB)
- TOS
- etc all fields which may change on different machines
Hello,
I've never tried this, but you could also try inducing connections back
to yourself from those servers. For instance, if mail servers perform
reverse DNS lookups or if you can get a border mail relay to accept a
message that you know will bounce later, then you might be able to get
those servers to come back through the firewall to you. Since hosts
often allocate source ports in sequence and NAPT systems don't normally
re-write source ports unless there is a conflict, you might be able to
tell if there are multiple systems connecting back to you.
Probably a lot harder to pull off than the suggestions above though.
tim
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
