Penetration Testing mailing list archives
Re: Identifying whether 2 IPs are from the same server
From: Terry Vernon <tvernon24 () comcast net>
Date: Thu, 24 Nov 2005 23:49:34 -0600
Try flooding one while watching the turnaround time on a ping to the other one. If it is the same machine, the flood might occupy the network stack and cause latency in the ping time from its second IP. There are situations where this might give you a false positive, such as two identical machines on an unswitched Ethernet where the flood would naturally slow the response of the second machine. It's not a perfect plan but right off the top of my head that's an option. You can also use nmap to scan it and hope the machines reveal their uptimes; if the uptimes are identical then it could be the same machine or the admin gets off on synchronizing the power on his servers lol.
If you were more explicit about which sockets were in use then you can enumerate the two by looking at static files on the machines (web, anon FTP, etc). If you can find two identical folders on each IP through Apache that don't have an index.html file you can compare the timestamps on the contents of both folders. There's a bunch of little things you can do.
I'm willing to bet 'nmap -O -p 0-1024 hostname' will tell you what you need to know
-Terry
BSK wrote:
Hello, I am doing a penetration test for 2 IP addresses. My findings till now for both the servers are exactly the same. I strongly feel that both the IPs belong to the same machine. Maybe a scenario where two NICs are on the same machine with two public IPs. I ran HPING to match their IP IDs but it shows different series for both of them. Is there any other technique that we can use to ascertain such a situation? Thank you.
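The directory-timestamp comparison suggested in the message above, as an added example that is not part of the original post: it parses two Apache auto-generated listings and groups entries by whether name, modification time and size agree. The row layout, the function names and both sample listings are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# One FancyIndexing row: link, modification time, size (layout is an assumption).
ROW = re.compile(
    r'<a href="(?P<name>[^"?]+)">[^<]*</a>\s+'
    r'(?P<mtime>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}|\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+'
    r'(?P<size>\S+)')
FORMATS = ("%d-%b-%Y %H:%M", "%Y-%m-%d %H:%M")

def parse_listing(html):
    """Return {name: (mtime, size)} for every dated row in a listing."""
    entries = {}
    for m in ROW.finditer(html):
        for fmt in FORMATS:
            try:
                entries[m["name"]] = (datetime.strptime(m["mtime"], fmt), m["size"])
                break
            except ValueError:
                continue  # try the next date format
    return entries

def compare_listings(html_a, html_b):
    """Sort entry names into identical, differing, and one-sided groups."""
    a, b = parse_listing(html_a), parse_listing(html_b)
    shared = a.keys() & b.keys()
    return {
        "same": sorted(n for n in shared if a[n] == b[n]),
        "differ": sorted(n for n in shared if a[n] != b[n]),
        "only_one": sorted(a.keys() ^ b.keys()),
    }

# Constructed sample listings, not captured from any real host.
LISTING_A = """<pre>
<a href="/">Parent Directory</a>                  -
<a href="README">README</a>              24-Nov-2005 21:10   12K
<a href="build.tar.gz">build.tar.gz</a>        02-Oct-2005 08:41  3.4M
<a href="notes.txt">notes.txt</a>           11-Sep-2005 17:02   812
</pre>"""
LISTING_B = """<pre>
<a href="/">Parent Directory</a>                  -
<a href="README">README</a>              24-Nov-2005 21:10   12K
<a href="build.tar.gz">build.tar.gz</a>        02-Oct-2005 08:41  3.4M
<a href="extra.log">extra.log</a>           20-Nov-2005 03:15   44K
<a href="notes.txt">notes.txt</a>           11-Sep-2005 17:03   812
</pre>"""

if __name__ == "__main__":
    print(compare_listings(LISTING_A, LISTING_B))
```

Matching entries are supporting evidence rather than proof, since content mirrored between two machines with modification times preserved yields the same listing.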