From: Terry Vernon (tvernon24@comcast.net)
Date: Fri Nov 25 2005 - 00:49:34 EST
Try flooding one while watching the turnaround time on a ping to the
other one. If it is the same machine, the flood might occupy the network
stack and cause latency in the ping time from it's second IP. There are
situations where this might give you a false positive such as two
identical machines on an unswitched ethernet where the flood would
naturally slow the response of the second machine. It's not a perfect
plan but right off the top of my head that's an option. You can also use
nmap to scan it and hope the machines reveal their uptimes, if the
uptimes are identical then it could be the same machine or the admin
gets off on synchronizing the power on his servers lol.
If you were more explicit about which sockets were in use then you can
enumerate the two by looking at static files on the machines (web, anon
ftp, etc). If you can find two identical folders on each IP through
apache that doesn't have an index.html file you can compare the
timestamps on the contents of both folders. There's a bunch of little
things you can do.
I'm willing to bet 'nmap -O -p 0-1024 hostname' will tell you what you
need to know
-Terry
BSK wrote:
>Hello,
>
>I am doing a Penetration Testing for 2 IP addresses.
>My findings till now for both the servers are exactly
>same. I strongly feel that both the IPs belong to the
>same machine. May be a scenario where two NICs are on
>the same machine with two Public IPs. I ran HPING to
>match their IP IDs but it shows different series for
>both of them.
>
>Is there any other technique that we can use to
>ascertain such a situation?
>
>thank you
>
>
>
>
>___________________________________________________________
>WIN ONE OF THREE YAHOO! VESPAS - Enter now! - http://uk.cars.yahoo.com/features/competitions/vespa.html
>
>------------------------------------------------------------------------------
>Audit your website security with Acunetix Web Vulnerability Scanner:
>
>Hackers are concentrating their efforts on attacking applications on your
>website. Up to 75% of cyber attacks are launched on shopping carts, forms,
>login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
>futile against web application hacking. Check your website for vulnerabilities
>to SQL injection, Cross site scripting and other web attacks before hackers do!
>Download Trial at:
>
>http://www.securityfocus.com/sponsor/pen-test_050831
>-------------------------------------------------------------------------------
>
>
>
>
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:11 EDT