Oct 21 2011
 

This is part 2 of Securing the Cloud.

Here is an interesting idea I have had some success with. You spin up a new cloud instance and get a new IP address that has been reissued. Immediately start sniffing the traffic while doing some research to identify who had previously been using that IP address. What can you obtain? Maybe an admin will try to log into the old server via IP address, so now you have a valid admin username and password. If the IP was reissued before every ISP's DNS cache updated, you will likely see hits to services still cached at those ISPs, such as FTP accounts via domain and SSH accounts via domain, and for hosted servers... you can at least grab some of the domains hosted at that previous IP.

You would be surprised at just the type of information you can grab... something to think about.
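
Seen from the side of whoever is giving the address up, the same observation becomes a check to run before an IP goes back to the provider. The following is an added example, not part of the original post; the zone history, inventory, addresses (documentation ranges) and function names are all constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc

# Constructed sample data, not taken from any real zone.
ALLOCATED = {"203.0.113.10"}  # IPs we still hold at the provider
ZONE = [  # (name, current A value, previous A value, previous TTL in s, changed at)
    ("www.example.com", "203.0.113.10", "198.51.100.7", 86400,
     datetime(2011, 10, 20, 12, 0, tzinfo=UTC)),
    ("ftp.example.com", "198.51.100.7", None, None, None),
    ("ssh.example.com", "203.0.113.10", "198.51.100.7", 3600,
     datetime(2011, 10, 21, 9, 0, tzinfo=UTC)),
]


def dangling(zone, allocated):
    """Names whose current A record points at an IP we no longer hold."""
    return sorted(name for name, cur, *_ in zone if cur not in allocated)


def release_blockers(ip, zone, now):
    """Reasons `ip` should not be handed back to the provider at `now`.

    A record blocks release if it still points at the IP, or if it was
    moved away so recently that resolvers may still serve the old answer
    (change time + old TTL has not passed yet).
    """
    blockers = []
    for name, cur, prev, prev_ttl, changed in zone:
        if cur == ip:
            blockers.append(f"{name}: still points at {ip}")
        elif prev == ip:
            expires = changed + timedelta(seconds=prev_ttl)
            if now < expires:
                blockers.append(f"{name}: cached until {expires:%Y-%m-%d %H:%M}Z")
    return blockers


if __name__ == "__main__":
    now = datetime(2011, 10, 21, 11, 0, tzinfo=UTC)
    print("dangling:", dangling(ZONE, ALLOCATED))
    for reason in release_blockers("198.51.100.7", ZONE, now):
        print("do not release yet:", reason)
```

TTL expiry is only a lower bound: clients that connect by IP address, like the admin in the scenario above, never consult DNS and have to be found in configs and connection logs instead.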