Penetration Testing mailing list archives
Re: finding dyndns names for existing IP
From: Thomas Kerbl <t.kerbl () weigl de>
Date: Fri, 28 Nov 2003 17:20:04 +0100
John Lampe wrote:
----- Original Message ----- From: "Thomas Kerbl" <t.kerbl () weigl de>Yes, but it was wishfull thinking from my side, a easy way to track them. There's no Service running that would justify a dyndns service.To: <pen-test () securityfocus com> Sent: Wednesday, November 26, 2003 5:06 AM Subject: finding dyndns names for existing IPHello, To try to summarize the problem: 1) We assume the company uses the DynDns service (or a similar service). 2) We got the actual valid IP through social engineering. 3) We want to find the dyndns name of this IP to keep track. Is there a Database hostet by dyndns (or similar service) we can consult? Or is there a way to do a reverse lookup on the IP?Typically, you won't be able to do a reverse lookup on the IP, as it will resolve to either NULL or some FQDN within their ISP. However, they are using DynDNS for a reason (that should be an assumption, right?)...
Good pointers, I sure can use them in future projects. But would an applikation that I call by IP respond with an domainname usually? I would expect it to respond with the IP (in headers, ...). Static banners would be a possiblility of course.i.e. they are offering some service that users can get to via DynDNS. Why not interrogate the applications which are using DynDNS. That is, if it's a webserver, find the FQDN via the web port, or if it's an email server, either query the banners of force the mail server to bounce you an email where you can look at SMTP headers, etc.
Nothing open towards the outside, not even SSH. I'm pretty sure they don't use dyndns now. There's no good reason for using this service. The test for this customer will be over this week, but the topic is interesting for future tests. Input is still welcome.As you have been scanning this IP, what ports are being offered? That might be helpful to the conversation.
thx, Thomas Kerbl -- ~ weigl interservice ~ www.weigl.de --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- finding dyndns names for existing IP Thomas Kerbl (Nov 26)
- Re: finding dyndns names for existing IP John Lampe (Nov 26)
- Re: finding dyndns names for existing IP Jeff Bryner (Nov 26)
- Re: finding dyndns names for existing IP Thomas Kerbl (Nov 28)
- Re: finding dyndns names for existing IP Jimi Thompson (Nov 28)
- Re: finding dyndns names for existing IP Thomas Kerbl (Nov 28)
- Re: finding dyndns names for existing IP Kurt Seifried (Nov 30)
- <Possible follow-ups>
- RE: finding dyndns names for existing IP Adrian Lazar (Nov 26)
- Re: finding dyndns names for existing IP John Lampe (Nov 26)