If you ping a corporate website from the inside (behind the firewall in the same network where the web server is hosted), will it give you the internal IP of the server hosting the website, or the external IP of the server hosting the website?
Also, how can you identify all corporate “web facing” servers from the outside, if all you have is the corporate website? Do companies buy public facing IP’s in blocks? So if you have one IP you can try similar to see if that’s also a corporately owned server? Or is there a more sophisticated way of doing this?
What kinf of infrastructure aside from “web servers” would typically be public facing in a corporate DMZ, and pingable and/or viewable from the internet?