Penetration Testing mailing list archives
Re: Identifying whether 2 IPs are from the same server
From: Hernan Antolini <antolini () ar ibm com>
Date: Fri, 25 Nov 2005 15:50:44 -0300
what about trying an snmpwalk ? sure, there should be some conditions in
place (comunity name, daemon active...) but, if conditions apply, you could
have all the if's information.
Hernan Antolini
e-business Web Hosting Delivery
antolini () ar ibm com / +5411-5070-3641
******************************************************
"DetrĂ¡s de todo lo exquisito hay siempre alguna tragedia" - Oscar Wilde, El
retrato de Dorian Gray.
Terry Vernon
<tvernon24@comcas
t.net> To
BSK <bishan4u () yahoo co uk>
11/25/2005 02:49 cc
AM pen-test () securityfocus com
Subject
Re: Identifying whether 2 IPs are
from the same server
Try flooding one while watching the turnaround time on a ping to the
other one. If it is the same machine, the flood might occupy the network
stack and cause latency in the ping time from it's second IP. There are
situations where this might give you a false positive such as two
identical machines on an unswitched ethernet where the flood would
naturally slow the response of the second machine. It's not a perfect
plan but right off the top of my head that's an option. You can also use
nmap to scan it and hope the machines reveal their uptimes, if the
uptimes are identical then it could be the same machine or the admin
gets off on synchronizing the power on his servers lol.
If you were more explicit about which sockets were in use then you can
enumerate the two by looking at static files on the machines (web, anon
ftp, etc). If you can find two identical folders on each IP through
apache that doesn't have an index.html file you can compare the
timestamps on the contents of both folders. There's a bunch of little
things you can do.
I'm willing to bet 'nmap -O -p 0-1024 hostname' will tell you what you
need to know
-Terry
BSK wrote:
Hello, I am doing a Penetration Testing for 2 IP addresses. My findings till now for both the servers are exactly same. I strongly feel that both the IPs belong to the same machine. May be a scenario where two NICs are on the same machine with two Public IPs. I ran HPING to match their IP IDs but it shows different series for both of them. Is there any other technique that we can use to ascertain such a situation? thank you ___________________________________________________________ WIN ONE OF THREE YAHOO! VESPAS - Enter now! -
http://uk.cars.yahoo.com/features/competitions/vespa.html
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers
are
futile against web application hacking. Check your website for
vulnerabilities
to SQL injection, Cross site scripting and other web attacks before
hackers do!
Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ------------------------------------------------------------------------------- ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Identifying whether 2 IPs are from the same server BSK (Nov 24)
- Re: Identifying whether 2 IPs are from the same server Terry Vernon (Nov 25)
- Re: Identifying whether 2 IPs are from the same server Hernan Antolini (Nov 25)
- Re: Identifying whether 2 IPs are from the same server Joachim Schipper (Nov 25)
- Re: Identifying whether 2 IPs are from the same server Franck Veysset (Nov 25)
- Re: Identifying whether 2 IPs are from the same server Andrew Simmons (Nov 27)
- Re: Identifying whether 2 IPs are from the same server Max (Nov 28)
- Re[2]: Identifying whether 2 IPs are from the same server Thierry Zoller (Nov 28)
- <Possible follow-ups>
- RE: Identifying whether 2 IPs are from the same server Shenk, Jerry A (Nov 25)
- Re: Identifying whether 2 IPs are from the same server Terry Vernon (Nov 25)