Re: Identifying whether 2 IPs are from the same server

• Previous message: dawn: "Re: Password cracking / recovery Lotus Notes R6"
• In reply to: Terry Vernon: "Re: Identifying whether 2 IPs are from the same server"
• Next in thread: Joachim Schipper: "Re: Identifying whether 2 IPs are from the same server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: pen-test@securityfocus.com
Date: Fri, 25 Nov 2005 15:50:44 -0300

what about trying an snmpwalk ? sure, there should be some conditions in
place (comunity name, daemon active...) but, if conditions apply, you could
have all the if's information.

Hernan Antolini

e-business Web Hosting Delivery
antolini@ar.ibm.com / +5411-5070-3641
******************************************************
"Detrás de todo lo exquisito hay siempre alguna tragedia" - Oscar Wilde, El
retrato de Dorian Gray.

                                                                           
             Terry Vernon
             <tvernon24@comcas
             t.net> To
                                       BSK <bishan4u@yahoo.co.uk>
             11/25/2005 02:49 cc
             AM pen-test@securityfocus.com
                                                                   Subject
                                       Re: Identifying whether 2 IPs are
                                       from the same server
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           

Try flooding one while watching the turnaround time on a ping to the
other one. If it is the same machine, the flood might occupy the network
stack and cause latency in the ping time from it's second IP. There are
situations where this might give you a false positive such as two
identical machines on an unswitched ethernet where the flood would
naturally slow the response of the second machine. It's not a perfect
plan but right off the top of my head that's an option. You can also use
nmap to scan it and hope the machines reveal their uptimes, if the
uptimes are identical then it could be the same machine or the admin
gets off on synchronizing the power on his servers lol.

If you were more explicit about which sockets were in use then you can
enumerate the two by looking at static files on the machines (web, anon
ftp, etc). If you can find two identical folders on each IP through
apache that doesn't have an index.html file you can compare the
timestamps on the contents of both folders. There's a bunch of little
things you can do.

I'm willing to bet 'nmap -O -p 0-1024 hostname' will tell you what you
need to know

-Terry

BSK wrote:

>Hello,
>
>I am doing a Penetration Testing for 2 IP addresses.
>My findings till now for both the servers are exactly
>same. I strongly feel that both the IPs belong to the
>same machine. May be a scenario where two NICs are on
>the same machine with two Public IPs. I ran HPING to
>match their IP IDs but it shows different series for
>both of them.
>
>Is there any other technique that we can use to
>ascertain such a situation?
>
>thank you
>
>
>
>
>___________________________________________________________
>WIN ONE OF THREE YAHOO! VESPAS - Enter now! -
http://uk.cars.yahoo.com/features/competitions/vespa.html
>
>------------------------------------------------------------------------------

>Audit your website security with Acunetix Web Vulnerability Scanner:
>
>Hackers are concentrating their efforts on attacking applications on your
>website. Up to 75% of cyber attacks are launched on shopping carts, forms,

>login pages, dynamic content etc. Firewalls, SSL and locked-down servers
are
>futile against web application hacking. Check your website for
vulnerabilities
>to SQL injection, Cross site scripting and other web attacks before
hackers do!
>Download Trial at:
>
>http://www.securityfocus.com/sponsor/pen-test_050831
>-------------------------------------------------------------------------------

>
>
>
>

------------------------------------------------------------------------------

Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers
are
futile against web application hacking. Check your website for
vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers
do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Previous message: dawn: "Re: Password cracking / recovery Lotus Notes R6"
• In reply to: Terry Vernon: "Re: Identifying whether 2 IPs are from the same server"
• Next in thread: Joachim Schipper: "Re: Identifying whether 2 IPs are from the same server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]