Penetration Testing mailing list archives

Re: finding dyndns names for existing IP


From: Thomas Kerbl <t.kerbl () weigl de>
Date: Fri, 28 Nov 2003 17:20:04 +0100

John Lampe wrote:

----- Original Message -----
From: "Thomas Kerbl" <t.kerbl () weigl de>
To: <pen-test () securityfocus com>
Sent: Wednesday, November 26, 2003 5:06 AM
Subject: finding dyndns names for existing IP


Hello,

To try to summarize the problem:

1) We assume the company uses the DynDns service (or a similar service).
2) We got the actual valid IP through social engineering.
3) We want to find the dyndns name of this IP to keep track.

Is there a database hosted by dyndns (or similar service) we can
consult? Or is there a way to do a reverse lookup on the IP?

Typically, you won't be able to do a reverse lookup on the IP, as it will
resolve to either NULL or some FQDN within their ISP.  However, they are
using DynDNS for a reason (that should be an assumption, right?)...

Yes, but it was wishful thinking from my side, an easy way to track them. There's no service running that would justify a dyndns service.

i.e. they
are offering some service that users can get to via DynDNS.  Why not
interrogate the applications which are using DynDNS.  That is, if it's a
webserver, find the FQDN via the web port, or if it's an email server,
either query the banners or force the mail server to bounce you an email
where you can look at SMTP headers, etc.

Good pointers, I sure can use them in future projects. But would an application that I call by IP respond with a domain name usually? I would expect it to respond with the IP (in headers, ...). Static banners would be a possibility of course.

As you have been scanning this IP, what ports are being offered?  That might
be helpful to the conversation.

Nothing open towards the outside, not even SSH. I'm pretty sure they don't use dyndns now. There's no good reason for using this service. The test for this customer will be over this week, but the topic is interesting for future tests. Input is still welcome.

thx,
Thomas Kerbl

--
~ weigl interservice
~ www.weigl.de
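
The banner and header check suggested in the quoted text can be run as an audit of what a service you operate discloses when it is addressed by IP. The following is an added example, not part of the original thread; the function name, the suffix list and the sample capture are assumptions constructed for illustration.

```python
import re

# Hostname-like token: two or more labels ending in an alphabetic TLD.
FQDN_RE = re.compile(
    r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}\b", re.I)

# Assumed list of dynamic-DNS suffixes; extend it for the providers you care about.
DYNAMIC_SUFFIXES = (".dyndns.org", ".no-ip.com")

# Reply lines where the server itself chooses the hostname it prints:
# SMTP greeting (220), HTTP redirects, and mail headers seen in a bounce.
DISCLOSING = re.compile(r"^(220[ -]|Location:|Received:|Message-ID:)", re.I)

def disclosed_hostnames(capture):
    """Return {hostname: is_dynamic} for names revealed in captured replies."""
    found = {}
    for line in capture.splitlines():
        line = line.strip()
        if not DISCLOSING.match(line):
            continue  # e.g. "Server:" carries a product string, not a hostname
        for name in FQDN_RE.findall(line):
            name = name.lower()
            found[name] = name.endswith(DYNAMIC_SUFFIXES)
    return found

# Constructed sample: replies recorded from a host contacted by IP only.
SAMPLE = """\
220 mail.example-corp.dyndns.org ESMTP ready
HTTP/1.1 302 Found
Server: Apache/1.3.29
Location: http://intranet.example-corp.dyndns.org/login
Received: from gw.example.net (gw.example.net [192.0.2.10]) by mail.example-corp.dyndns.org
"""

if __name__ == "__main__":
    for host, dynamic in sorted(disclosed_hostnames(SAMPLE).items()):
        print(f"{host}\t{'dynamic-DNS name' if dynamic else 'other'}")
```

A static banner or an absolute redirect is what makes a service answer with a name even when it was reached by IP; configuring a neutral greeting and relative redirects removes the disclosure.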


