From: James Williams (jwilliams@mail.wtamu.edu)
Date: Wed Oct 05 2005 - 09:42:23 EDT
They have multiple PTR (reverse lookups) records for that particular IP
Address in their DNS.
To verify this do a nslookup on the ip address multiple times and you
should see the same pattern.
James Williams, GISF
Network Systems Technician
-----Original Message-----
From: BSK [mailto:bishan4u@yahoo.co.uk]
Sent: Tuesday, October 04, 2005 3:35 AM
To: pen-test@securityfocus.com
Subject: [PT] Load Balancers?
Dear All,
I'm doing a Blackbox PT for one of our clients, for
their website. I noticed a scenario which I would like
to discuss with you and get your opinion.
I got their IP by pinging the website address. I
cancelled the first ping and executed the second ping
immediately. The resolved address remains the same but
the domain name changes. Below are the sample results,
with real names changed:
# ping dummy.com
PING www.dummy.com (xxx.xxx.xxx.xxx) 56(84) bytes of
data
64 bytes from www.dummy.com (xxx.xxx.xxx.xxx):
icmp_seq=0 ttl=109 time=351 ms
# ping dummy.com
PING pummy.net (xxx.xxx.xxx.xxx) 56(84) bytes of data
64 bytes from pummy.net (xxx.xxx.xxx.xxx): icmp_seq=0
ttl=109 time=351 ms
# ping dummy.com
PING www.suffy.cc (xxx.xxx.xxx.xxx) 56(84) bytes of
data
64 bytes from www.suffy.cc (xxx.xxx.xxx.xxx):
icmp_seq=0 ttl=109 time=351 ms
When I repeat the same process for pummy.net, I get
same results.
I think its a server collocation or load balancing
done on xxx.xxx.xxx.xxx.
All dummy.com, suffy.cc and pummy.net show the same
website when seen thru the web browser.
Await your inputs.
Thanks,
Bshan
___________________________________________________________
How much free photo storage do you get? Store your holiday
snaps for FREE with Yahoo! Photos http://uk.photos.yahoo.com
------------------------------------------------------------------------
------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on
your
website. Up to 75% of cyber attacks are launched on shopping carts,
forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers
are
futile against web application hacking. Check your website for
vulnerabilities
to SQL injection, Cross site scripting and other web attacks before
hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
------------------------------------------------------------------------
-------
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:02 EDT