Re: finding dyndns names for existing IP

From: Thomas Kerbl (t.kerbl@weigl.de)
Date: Fri Nov 28 2003 - 11:20:04 EST


John Lampe wrote:

>----- Original Message -----
>From: "Thomas Kerbl" <t.kerbl@weigl.de>
>To: <pen-test@securityfocus.com>
>Sent: Wednesday, November 26, 2003 5:06 AM
>Subject: finding dyndns names for existing IP
>
>
>
>
>>Hello,
>>
>>To try to summarize the problem:
>>
>>1) We assume the company uses the DynDns service (or a similar service).
>>2) We got the actual valid IP through social engineering.
>>3) We want to find the dyndns name of this IP to keep track.
>>
>>Is there a database hosted by dyndns (or similar service) we can
>>consult? Or is there a way to do a reverse lookup on the IP?
>>
>>
>
>Typically, you won't be able to do a reverse lookup on the IP, as it will
>resolve to either NULL or some FQDN within their ISP. However, they are
>using DynDNS for a reason (that should be an assumption, right?)...
>
Yes, but it was wishful thinking from my side, an easy way to track
them. There's no service running that would justify a dyndns service.

>i.e. they
>are offering some service that users can get to via DynDNS. Why not
>interrogate the applications which are using DynDNS. That is, if it's a
>webserver, find the FQDN via the web port, or if it's an email server,
>either query the banners or force the mail server to bounce you an email
>where you can look at SMTP headers, etc.
>
>
Good pointers, I sure can use them in future projects. But would an
application that I call by IP usually respond with a domain name? I
would expect it to respond with the IP (in headers, ...). Static banners
would be a possibility of course.

>As you have been scanning this IP, what ports are being offered? That might
>be helpful to the conversation.
>
>
>
Nothing open towards the outside, not even SSH. I'm pretty sure they
don't use dyndns now. There's no good reason for using this service.
The test for this customer will be over this week, but the topic is
interesting for future tests. Input is still welcome.

thx,
Thomas Kerbl

-- 
~ weigl interservice
~ www.weigl.de
---------------------------------------------------------------------------
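Added example, not part of either poster's message: a small Python check for the question raised in the thread, whether a service addressed by bare IP still states a host name. It looks in the three places the reply names (SMTP greeting, web port, bounce headers) using constructed captures from a host you administer; every host name, address and function name below is a made-up illustration value.

```python
import re

# Dot-separated labels ending in an alphabetic TLD, so bare IPs never match.
FQDN = r"((?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,})"

# Places where a service reached by IP commonly states its configured name.
PATTERNS = {
    "smtp-greeting": re.compile(r"^220[ -]" + FQDN, re.I | re.M),
    "http-location": re.compile(r"^Location:\s*https?://" + FQDN, re.I | re.M),
    "mail-received": re.compile(r"^Received:.*?\bby\s+" + FQDN, re.I | re.M),
}

def disclosed_names(capture):
    """Return sorted (source, hostname) pairs disclosed in one captured response."""
    # Unfold continuation lines so a folded Received: header is scanned as one line.
    unfolded = re.sub(r"\r?\n[ \t]+", " ", capture)
    found = set()
    for source, pattern in PATTERNS.items():
        for match in pattern.finditer(unfolded):
            found.add((source, match.group(1).lower()))
    return sorted(found)

# Constructed captures (documentation addresses and example domains only).
SMTP_CAPTURE = ("220 office-gw.dyn.example.net ESMTP ready\r\n"
                "250-office-gw.dyn.example.net\r\n")
HTTP_CAPTURE = ("HTTP/1.1 301 Moved Permanently\r\n"
                "Location: http://office-gw.dyn.example.net/admin/\r\n"
                "Server: httpd\r\n\r\n")
HTTP_BY_IP = ("HTTP/1.1 301 Moved Permanently\r\n"
              "Location: http://192.0.2.10/admin/\r\n\r\n")
BOUNCE_CAPTURE = ("Received: from probe.example.org (probe.example.org [198.51.100.7])\r\n"
                  "\tby mx.internal.example.net with ESMTP id ABC123\r\n"
                  "Subject: Undelivered mail\r\n")

if __name__ == "__main__":
    for label, capture in [("smtp", SMTP_CAPTURE), ("http", HTTP_CAPTURE),
                           ("http-by-ip", HTTP_BY_IP), ("bounce", BOUNCE_CAPTURE)]:
        print(label, disclosed_names(capture) or "no host name disclosed")
```

The `HTTP_BY_IP` case shows the outcome Thomas expected: a server with no canonical name configured simply echoes the address it was called by.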


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:43 EDT