Penetration Testing: RE: HTTP request working via hostname but not via IP address

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Penetration Testing mailing list archives

RE: HTTP request working via hostname but not via IP address

From: "Admin.mmm" <admin.mmm () iinet net au>
Date: Tue, 9 May 2006 01:00:50 +1000

Check you get a forward and reverse DNS lookup that match.

Sometimes you can get the hostname return the correct IP, but the IP
resolves to the wrong address.

J

-----Original Message-----
From: Arjun Venkatraman [mailto:arjunishere () gmail com] 
Sent: Monday, May 08, 2006 7:56 PM
To: javier () liendo net
Cc: pen-test () securityfocus com
Subject: Re: HTTP request working via hostname but not via IP address

Hey Javier,

The IP i'm trying to reach IS one of two IPs which correspond to a
virtual adress, but this is on an internal network, so the IP I am
aiming for is definitely not virtual.
Any other possibilities?

Cheers
Arjun



On 5/8/06, Javier Liendo <javier () liendo net> wrote:

hello arjun

check if the website is a virtual website...most probably it is and
that is the reason you can only get at it with the hostname and not
the IP address...

regards

javier

On 5/5/06, Arjun Venkatraman <arjunishere () gmail com> wrote:

 Hi all,

 I have a pretty basic sort of problem. While sending an HTTP request
to a machine using a VBScript, when I mention the hostname in the URL,
the request goes through smoothly. However, when I mention the IP
address explicitly, the request does not go through. I have confirmed
he IP address multiple times to make sure the error is not a typo.

If the machine name had not been accessible, I would have concluded
that the DNS query was the problem. But with the hostname working and
the IP not working I am stumped.

Any ideas?

Cheers

Arjun

----------------------------------------------------------------------------
--

This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the

Analyst's

Choice Award from eWeek. As attacks through web applications continue to

rise,

you need to proactively protect your applications from hackers. Cenzic

has the

most comprehensive solutions to meet your application security

penetration

testing and vulnerability management needs. You have an option to go

with a

managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service

can

help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm

your

results from other product. Contact us at request () cenzic com for

details.

----------------------------------------------------------------------------
--


----------------------------------------------------------------------------
--
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to
rise, 
you need to proactively protect your applications from hackers. Cenzic has
the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com for details.
----------------------------------------------------------------------------
--

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------

By Date By Thread

Current thread:

Re: HTTP request working via hostname but not via IP address Arjun Venkatraman (May 07)
- Re: HTTP request working via hostname but not via IP address Javier Liendo (May 07)
  - Re: HTTP request working via hostname but not via IP address Arjun Venkatraman (May 08)
    - Re: HTTP request working via hostname but not via IP address Ron Nelson (May 08)
    - Re: HTTP request working via hostname but not via IP address Arjun Venkatraman (May 09)
    - RE: HTTP request working via hostname but not via IP address Admin.mmm (May 08)
    - RE: HTTP request working via hostname but not via IP address Omar A. Herrera (May 08)
    - RE: HTTP request working via hostname but not via IP address Marvin Simkin (May 08)
- Re: HTTP request working via hostname but not via IP address Thor (Hammer of God) (May 07)
- <Possible follow-ups>
- RE: HTTP request working via hostname but not via IP address Hiten Pankhania (May 08)