Re: finding dyndns names for existing IP

From: John Lampe (jwlampe@aceryder.com)
Date: Wed Nov 26 2003 - 10:50:41 EST


----- Original Message -----
From: "Thomas Kerbl" <t.kerbl@weigl.de>
To: <pen-test@securityfocus.com>
Sent: Wednesday, November 26, 2003 5:06 AM
Subject: finding dyndns names for existing IP

> Hello,
>
> To try to summarize the problem:
>
> 1) We assume the company uses the DynDns service (or a similar service).
> 2) We got the actual valid IP through social engineering.
> 3) We want to find the dyndns name of this IP to keep track.
>
> Is there a database hosted by dyndns (or similar service) we can
> consult? Or is there a way to do a reverse lookup on the IP?

Typically, you won't be able to do a reverse lookup on the IP, as it will
resolve to either NULL or some FQDN within their ISP. However, they are
using DynDNS for a reason (that should be an assumption, right?), i.e. they
are offering some service that users can get to via DynDNS. Why not
interrogate the applications which are using DynDNS? That is, if it's a
webserver, find the FQDN via the web port, or if it's an email server,
either query the banners or force the mail server to bounce you an email
where you can look at SMTP headers, etc.

As you have been scanning this IP, what ports are being offered? That might
be helpful to the conversation.

John
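
The banner and bounce headers mentioned in the reply above are also what an administrator would review to see which names their own mail server discloses. The following is an added example, not part of the original message: it parses a constructed 220 greeting and constructed bounce headers offline, and all hostnames, sample text and function names in it are assumptions.

```python
import re
from email import message_from_string

# Hostname-like tokens: two or more labels ending in an alphabetic TLD,
# so dotted-quad IP addresses are not reported as names.
FQDN_RE = re.compile(
    r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}\b", re.I)

def names_in_banner(banner):
    """Name announced in an SMTP 220 greeting (first token after the code)."""
    m = re.match(r"220[ -](\S+)", banner.strip())
    return {m.group(1).lower()} if m and FQDN_RE.fullmatch(m.group(1)) else set()

def names_in_headers(raw_message):
    """Names found in Received headers and the Message-ID domain part."""
    msg = message_from_string(raw_message)
    found = set()
    for value in msg.get_all("Received", []):
        found.update(n.lower() for n in FQDN_RE.findall(value))
    mid = msg.get("Message-ID", "")
    if "@" in mid:
        found.update(n.lower() for n in FQDN_RE.findall(mid.split("@", 1)[1]))
    return found

def disclosed_names(banner, raw_message, ignore_suffixes=()):
    """Names the server reveals, minus ISP reverse names and the reviewer's own."""
    names = names_in_banner(banner) | names_in_headers(raw_message)
    return sorted(n for n in names if not n.endswith(tuple(ignore_suffixes)))

# Constructed sample input (reserved .example names, documentation IP range).
SAMPLE_BANNER = "220 mail.corp-example.dyndns.example ESMTP\r\n"
SAMPLE_BOUNCE = (
    "Received: from mail.corp-example.dyndns.example\n"
    "\t(host-203-0-113-7.isp.example [203.0.113.7])\n"
    "\tby mx.reviewer.example with ESMTP id ABC123;\n"
    "\tWed, 26 Nov 2003 10:00:00 -0500\n"
    "Message-ID: <20031126.1234@mail.corp-example.dyndns.example>\n"
    "Subject: Undelivered Mail Returned to Sender\n"
    "\n"
    "The address you mailed does not exist.\n"
)

if __name__ == "__main__":
    ignore = (".isp.example", ".reviewer.example")
    for name in disclosed_names(SAMPLE_BANNER, SAMPLE_BOUNCE, ignore):
        print(name)
```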




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:42 EDT