Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Identifying whether 2 IPs are from the same server

from [Hernan Antolini] Network Security [Permanent Link]
Subject: Re: Identifying whether 2 IPs are from the same server
Date: Fri, 25 Nov 2005 15:50:44 -0300 




what about trying an snmpwalk ? sure, there should be some conditions in
place (comunity name, daemon active...) but, if conditions apply, you could
have all the if's information.

Hernan Antolini

e-business Web Hosting Delivery
antolini@ar.ibm.com / +5411-5070-3641
******************************************************
"Detrás de todo lo exquisito hay siempre alguna tragedia" - Oscar Wilde, El
retrato de Dorian Gray.



                                                                           
             Terry Vernon                                                  
             <tvernon24@comcas                                             
             t.net>                                                     To 
                                       BSK <bishan4u@yahoo.co.uk>          
             11/25/2005 02:49                                           cc 
             AM                        pen-test@securityfocus.com          
                                                                   Subject 
                                       Re: Identifying whether 2 IPs are   
                                       from the same server                
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           




Try flooding one while watching the turnaround time on a ping to the
other one. If it is the same machine, the flood might occupy the network
stack and cause latency in the ping time from it's second IP. There are
situations where this might give you a false positive such as two
identical machines on an unswitched ethernet where the flood would
naturally slow the response of the second machine. It's not a perfect
plan but right off the top of my head that's an option. You can also use
nmap to scan it and hope the machines reveal their uptimes, if the
uptimes are identical then it could be the same machine or the admin
gets off on synchronizing the power on his servers lol.

If you were more explicit about which sockets were in use then you can
enumerate the two by looking at static files on the machines (web, anon
ftp, etc). If you can find two identical folders on each IP through
apache that doesn't have an index.html file you can compare the
timestamps on the contents of both folders. There's a bunch of little
things you can do.

I'm willing to bet 'nmap -O -p 0-1024 hostname' will tell you what you
need to know

-Terry



BSK wrote:


Hello,

I am doing a Penetration Testing for 2 IP addresses.
My findings till now for both the servers are exactly
same. I strongly feel that both the IPs belong to the
same machine. May be a scenario where two NICs are on
the same machine with two Public IPs. I ran HPING to
match their IP IDs but it shows different series for
both of them.

Is there any other technique that we can use to
ascertain such a situation?

thank you




___________________________________________________________
WIN ONE OF THREE YAHOO! VESPAS - Enter now! -

http://uk.cars.yahoo.com/features/competitions/vespa.html


------------------------------------------------------------------------------



Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,



login pages, dynamic content etc. Firewalls, SSL and locked-down servers

are

futile against web application hacking. Check your website for

vulnerabilities

to SQL injection, Cross site scripting and other web attacks before

hackers do!

Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------










------------------------------------------------------------------------------

Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers
are
futile against web application hacking. Check your website for
vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers
do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------





------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Password cracking / recovery Lotus Notes R6, dawn
Next by Date:  Re: Application Security Scanning, Frederic Charpentier
Previous by Thread:  Re: Identifying whether 2 IPs are from the same server, Terry Vernon
Next by Thread:  Re: Identifying whether 2 IPs are from the same server, Joachim Schipper
Indexes:  [Date] [Thread] [Top] [All Lists]