Penetration Testing mailing list archives

RE: Identifying whether 2 IPs are from the same server

From: "Shenk, Jerry A" <jshenk () decommunications com>
Date: Fri, 25 Nov 2005 07:51:30 -0500

Try to pull banners from both IPs and see if the timestamps match.
Obviously if they do match, it could just be that they share a common
clock as that is a really good idea.  If they don't match, then you have
two different machines.  It seems that most sites don't actually do very
well at getting their clocks synced.

-----Original Message-----
From: BSK [mailto:bishan4u () yahoo co uk] 
Sent: Thursday, November 24, 2005 8:59 AM
To: pen-test () securityfocus com
Subject: Identifying whether 2 IPs are from the same server

Hello,

I am doing a Penetration Testing for 2 IP addresses.
My findings till now for both the servers are exactly
same. I strongly feel that both the IPs belong to the
same machine. May be a scenario where two NICs are on
the same machine with two Public IPs. I ran HPING to
match their IP IDs but it shows different series for
both of them.

Is there any other technique that we can use to
ascertain such a situation?

thank you

___________________________________________________________ 
WIN ONE OF THREE YAHOO! VESPAS - Enter now! -
http://uk.cars.yahoo.com/features/competitions/vespa.html

------------------------------------------------------------------------
------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on
your 
website. Up to 75% of cyber attacks are launched on shopping carts,
forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers
are 
futile against web application hacking. Check your website for
vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before
hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
------------------------------------------------------------------------
-------

**DISCLAIMER
This e-mail message and any files transmitted with it are intended for the use of the individual or entity to which 
they are addressed and may contain information that is privileged, proprietary and confidential. If you are not the 
intended recipient, you may not use, copy or disclose to anyone the message or any information contained in the 
message. If you have received this communication in error, please notify the sender and delete this e-mail message. The 
contents do not represent the opinion of D&E except to the extent that it relates to their official business.

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

Current thread:

Identifying whether 2 IPs are from the same server BSK (Nov 24)
- Re: Identifying whether 2 IPs are from the same server Terry Vernon (Nov 25)
  - Re: Identifying whether 2 IPs are from the same server Hernan Antolini (Nov 25)
- Re: Identifying whether 2 IPs are from the same server Joachim Schipper (Nov 25)
- Re: Identifying whether 2 IPs are from the same server Franck Veysset (Nov 25)
- Re: Identifying whether 2 IPs are from the same server Andrew Simmons (Nov 27)
- Re: Identifying whether 2 IPs are from the same server Max (Nov 28)
  - Re[2]: Identifying whether 2 IPs are from the same server Thierry Zoller (Nov 28)
- <Possible follow-ups>
- RE: Identifying whether 2 IPs are from the same server Shenk, Jerry A (Nov 25)