# IP Jacking : My experience / story / testing



## HaitiBrother (Apr 16, 2014)

So, you're probably already aware of the ability to jack IP's, if not, you should read this.

This is my personal testing on the theory behind this. I first set-up a dedicated server in the Netherlands, installed OVZ on it, spun on a Debian server, put the IP address on it, then I spun on another OVZ with Debian on it, assigned a different IP, then I created a new network adapter (virtual), assigned it the one IP I wanted to jack, it worked, I was able to use that IP address.

So, I thought, let's try something different, I spun up another Debian, this time I selected DHCP for the IP setting, and I was able to jack an IP address that wasn't even in my network block, it just found this IP laying there, took it and was able to be used.

Might just be me, but when I saw that I thought it was funny, because imagine how much stuff you can do in my second example with DHCP where it takes a real IP address that you don't own.


----------



## KuJoe (Apr 16, 2014)

VLANs FTW.


----------



## coreyman (Apr 16, 2014)

This sounds like it was too easy for you...


----------



## blergh (Apr 17, 2014)

I thought slapping each box on their own VLAN was common sense, i suppose not?


----------



## rds100 (Apr 17, 2014)

If the DC doesn't put each customer on their own VLAN, they fully deserve all the potential problems they could get.

We even put each Raspberry Pi in a separate VLAN.


----------



## OffshoreBox (Apr 17, 2014)

Which DC was this?


----------



## peterw (Apr 17, 2014)

Wow you hacked their network by using their DHCP. They should get slapped for not using vlans.


----------



## HaitiBrother (Apr 17, 2014)

For those wondering, the datacenter was Serverius


----------



## Taronyu (Apr 19, 2014)

HaitiBrother said:


> For those wondering, the datacenter was Serverius


Why doesn't this suprise me. Serverius is one of the budget DC's around here.


Send from my Galaxy S3


----------



## AuroraZero (Apr 22, 2014)

Taronyu said:


> Why doesn't this suprise me. Serverius is one of the budget DC's around here.
> 
> 
> Send from my Galaxy S3


This makes a difference why? How does this effect the fact that they *should *be following the correct security measures?

Just because a company is a budget provider should not make a difference at all. I am sorry but this is really starting to piss me off lately. People bitching and complaining about things getting hacked and screwed up, but then on the same hand not wanting to take the entra few steps to secure the things they need to do themseleves.

So what if it takes two extra steps for you to get into your container. Better that then to lose all your data.

Moral of the story if you do not know how to do it yourself, hire someone who does and then *do not* disable what they do to protect you and leave it alone.

Sorry guys I will end my rant now and go back into hiding.


----------



## BrianHarrison (Apr 22, 2014)

AuroraZero said:


> This makes a difference why? How does this effect the fact that they *should *be following the correct security measures?


Taronyu is saying he's not surprised -- he's not implying that being a budget datacenter is a valid excuse.


----------



## Tom_WebhostingUK LTD (Apr 23, 2014)

Seems to be a tough job for hacking network. Haven't they recognized yet?


----------

