What info can be obtained just from IP


shakuni

Jr. Member

Posts: 80

Joined: Sun Nov 04, 2007 2:24 pm

Post Fri Oct 03, 2008 12:57 am

What info can be obtained just from IP

What info can be obtained just from IP
There is no rule, law or tradition that applies universally... including this one.

KrisTeason

Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Fri Oct 03, 2008 4:06 am

Re: What info can be obtained just from IP

I think it all depends on what you do with the IP. Considering reconnaissance here, we could get the ISP of the IP, find contact information of the ISP. You could always run a few nmap scans to identify/enumerate services on the host. You could also attempt banner grabbing depending on what ports you find open on the machine itself. That's just to name a few though.
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP

RoleReversal

Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Fri Oct 03, 2008 4:29 am

Re: What info can be obtained just from IP

The level of information often depends on the thoroughness of the organisation if they have provider independent (PI) IP space, or the thoroughness of the local internet registrar (LIR) if they have provider aggregated (PA) IP space.

From a whois search on the IP you should be able to get valid information for the organisation actually using the IP (this is a requirement made by the regional internet registrars (RIR) [at least in Europe, RIPE's authority]). However, often these records are ambiguous or outdated as they are not updated as regularly as they should be. Also, some larger LIRs routinely assign IP space from a large allocation (typically a /19-/24) and only update the whois records for the parent block.

Another useful tool for recon work is myipneighbors/, as it allows you to find other domains using the same IP. This is useful for services running virtual hosts on the same server or shared colocation environments.

It's worth noting that the above techniques do not cause any traffic to reach the target from your IP address, so they are silent in that regard. Obviously once you start stepping up a gear with port enumeration and banner grabbing etc. this changes completely.

Hope this is some help.
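
An added example, not part of the posts in this thread: reading a RIPE-style whois reply along the lines the post above describes, picking the most specific inetnum that covers an address and noting whether it is only the parent allocation, PA or PI space, and how old the record is. The sample reply is constructed (private address space, fictional names), and `CAVEATS`, `parse_objects`, `describe` and the three-year staleness threshold are assumptions of this example.

```python
import ipaddress
from datetime import date

# Constructed RIPE-style whois reply: private address space, fictional names.
SAMPLE_WHOIS = """\
inetnum:        10.20.0.0 - 10.20.31.255
netname:        EXAMPLE-LIR-NET
status:         ALLOCATED PA
last-modified:  2004-03-11T09:12:44Z

inetnum:        10.20.4.0 - 10.20.4.255
netname:        EXAMPLE-CUSTOMER
status:         ASSIGNED PA
last-modified:  2008-06-02T14:00:00Z
"""

CAVEATS = {  # what each status implies about who maintains the record
    "ALLOCATED PA": "parent block only: names the LIR, not the end user",
    "ASSIGNED PA": "PA space: accuracy depends on the LIR",
    "ASSIGNED PI": "PI space: accuracy depends on the holding organisation",
}

def parse_objects(text):
    """Yield the inetnum objects (blank-line separated) in a whois reply."""
    for block in text.strip().split("\n\n"):
        obj = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith(("%", "#")):  # skip comments
                key, value = line.split(":", 1)
                obj.setdefault(key.strip(), value.strip())  # first value wins
        if "inetnum" in obj:
            yield obj

def describe(ip, text, today, stale_years=3):
    """Return the most specific inetnum covering ip, with reliability notes."""
    addr, best = ipaddress.ip_address(ip), None
    for obj in parse_objects(text):
        first, last = (ipaddress.ip_address(p.strip()) for p in obj["inetnum"].split("-"))
        size = int(last) - int(first) + 1
        if first <= addr <= last and (best is None or size < best["size"]):
            best = dict(obj, size=size)
    if best:
        best["notes"] = [CAVEATS[best["status"]]] if best.get("status") in CAVEATS else []
        if "last-modified" in best:
            age = (today - date.fromisoformat(best["last-modified"][:10])).days // 365
            if age >= stale_years:
                best["notes"].append("record last modified %d years ago" % age)
    return best
```

An address inside the /24 resolves to the customer assignment, while an address elsewhere in the /19 only reaches the LIR's parent record, which is the case where whois says little about the organisation actually using the IP.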

toggmeister

Post Sun Oct 05, 2008 2:09 am

Re: What info can be obtained just from IP

Another good useful resource which also allows similar functionality to myipneighbors is:

http://www.yougetsignal.com/ lots more functionality and tools though  ;D

Try also maltego (http://www.paterva.com/maltego/)

All this is done totally passively. You should be able to get so much from enumerating a single IP by using these tools, which should give you enough personal information on company employees (unless they use privacy protect services, that is  :'( ) to, say, think about "spear-phishing" if you want to use this avenue to get into a network from a pen test perspective.

RoleReversal

Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Sun Oct 05, 2008 3:32 am

Re: What info can be obtained just from IP

toggmeister wrote: http://www.yougetsignal.com/ lots more functionality and tools though  ;D

Nice catch, hadn't found that one before, cheers :D

apollo

Full Member

Posts: 146

Joined: Fri Apr 04, 2008 7:44 pm

Post Sun Oct 05, 2008 12:52 pm

Re: What info can be obtained just from IP

EH Columnist Chris Gates presented on something similar at ToorCon. What he presented on was given a domain name, what can you find out. Depending on what the IP resolves to, this could definitely be useful. Check out the link to the PDF at: http://carnal0wnage.blogspot.com/

One thing that I haven't seen a lot of mentioned was Google. I know it's probably common sense, but I've been able to track down IPs directly to people based on mail archives, IRC logs, etc.
CISSP, CSSLP, MCSE+Security, MCTS, CCSP, GPEN, GWAPT, GCWN, NOP, OSCP, Security+

shakuni

Jr. Member

Posts: 80

Joined: Sun Nov 04, 2007 2:24 pm

Post Sun Oct 05, 2008 11:53 pm

Re: What info can be obtained just from IP

Thanks for the info guys.
There is no rule, law or tradition that applies universally... including this one.
