PaulDotCom mailing list archives
Re: Not scanning production
From: "Frisch, Daniel (JUS)" <Daniel.Frisch () ontario ca>
Date: Wed, 31 Oct 2012 17:40:31 +0000
I agree with Jason - keep it simple. Hosts file + static route or iptables rule would work great. One other thing that seems obvious but is easy to overlook: Make sure your dev web app is not pointing at your prod database (not speaking from experience, just sayin).

Dan

From: pauldotcom-bounces () mail pauldotcom com [mailto:pauldotcom-bounces () mail pauldotcom com] On Behalf Of Jason Wood
Sent: 31-Oct-12 1:20 PM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] Not scanning production

To keep it simple, I'd add an entry in my hosts file for the prod site and point it to the dev server IP. To be really certain scanning traffic never hits the prod site, you could add a static route for the IP of the prod site to an invalid gateway so that traffic to the site can't leave your network. For example:

Prod site IP - 10.10.10.3
Default Gateway IP - 192.168.1.1

route add -host 10.10.10.3/32 gw 192.168.1.<unassigned IP> dev eth0

You can also start your scan and fire up tcpdump to watch for traffic attempting to reach the prod IP. If you see it, then you know something has gone wrong.

Jason

On Wed, Oct 31, 2012 at 10:15 AM, Patrick Laverty <patrick_laverty () brown edu> wrote:

Ok, newbie here... I was asked to scan a web site that we were told is vulnerable. So I'm copying the site over to my Dev server and each time I manually click on links, I see it sends my request to production. I went through the .htaccess file and changed everything to point to my Dev server. It still goes to prod. I dig in a little further and sure enough, most of the links in the hundreds of pages are hardcoded to the prod site. What's the safest way to get around this? Set the /etc/hosts file on my scanning machine to point to my Dev server? I want to make 100% sure that my scan never hits the production server. Suggestions? Thank you.
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

--
irc: Tadaka
Twitter: Jason_Wood
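The three safeguards the thread converges on (a hosts-file override to the dev box, an egress block for the prod IP, and a tcpdump capture during the scan start) can be verified before any scanner is launched. The following pre-flight check is an added example, not code from the thread or any poster: it parses constructed sample text standing in for /etc/hosts, `iptables -S OUTPUT` (Dan's iptables variant of Jason's bogus-gateway route) and a `tcpdump -n` capture, so it runs offline. Only the prod IP 10.10.10.3 comes from the thread; the hostname, dev IP and sample lines are assumptions.

```python
import re

# Assumed values (the thread gives only the prod IP 10.10.10.3).
PROD_HOST = "www.prod.example"   # hostname hard-coded in the copied pages
PROD_IP = "10.10.10.3"           # production server, from the thread
DEV_IP = "192.168.1.50"          # dev server the scan must stay on

def hosts_override(hosts_text, hostname):
    """IP a hosts file maps hostname to (first match wins, like the resolver), or None."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) > 1 and hostname in fields[1:]:
            return fields[0]
    return None

def egress_blocked(iptables_s_text, prod_ip):
    """True if `iptables -S OUTPUT` contains a DROP/REJECT rule for prod_ip."""
    pat = re.compile(r"^-A OUTPUT .*-d %s(?:/32)? .*-j (?:DROP|REJECT)\b" % re.escape(prod_ip))
    return any(pat.search(line) for line in iptables_s_text.splitlines())

_TCPDUMP_RE = re.compile(r"\bIP (\S+) > (\S+):")  # `tcpdump -n` prints "src > dst:"

def leaked_packets(tcpdump_text, prod_ip):
    """Lines of `tcpdump -n` output whose destination host is prod_ip."""
    hits = []
    for line in tcpdump_text.splitlines():
        m = _TCPDUMP_RE.search(line)
        if m:
            dst = m.group(2)  # "host.port" for TCP/UDP, bare host for ICMP
            if dst == prod_ip or dst.rsplit(".", 1)[0] == prod_ip:
                hits.append(line)
    return hits

def preflight(hosts_text, iptables_s_text, tcpdump_text):
    """True only if resolution goes to dev, egress to prod is blocked,
    and a dry-run capture saw nothing addressed to prod."""
    return (hosts_override(hosts_text, PROD_HOST) == DEV_IP
            and egress_blocked(iptables_s_text, PROD_IP)
            and not leaked_packets(tcpdump_text, PROD_IP))

# Constructed sample inputs standing in for /etc/hosts, `iptables -S OUTPUT`
# and a `tcpdump -n` capture taken while starting the scan.
SAMPLE_HOSTS = "127.0.0.1 localhost\n192.168.1.50 www.prod.example  # dev copy\n"
SAMPLE_IPTABLES = "-P OUTPUT ACCEPT\n-A OUTPUT -d 10.10.10.3/32 -j DROP\n"
SAMPLE_TCPDUMP_OK = "12:00:01.000001 IP 192.168.1.20.51234 > 192.168.1.50.80: Flags [S], length 0\n"
SAMPLE_TCPDUMP_LEAK = SAMPLE_TCPDUMP_OK + (
    "12:00:02.000001 IP 192.168.1.20.51240 > 10.10.10.3.443: Flags [S], length 0\n")
```

Feed it the real file and command outputs on the scanning host; a non-empty `leaked_packets` result means a hard-coded link or a missed rule is still letting traffic reach prod.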