PaulDotCom mailing list archives

Re: Not scanning production

From: "Frisch, Daniel (JUS)" <Daniel.Frisch () ontario ca>
Date: Wed, 31 Oct 2012 17:40:31 +0000

I agree with Jason - keep it simple. Hosts file + static route or iptables rule would work great.

One other thing that seems obvious but is easy to overlook: Make sure your dev web app is not pointing at your prod 
database (not speaking from experience, just sayin).

Dan

From: pauldotcom-bounces () mail pauldotcom com [mailto:pauldotcom-bounces () mail pauldotcom com] On Behalf Of Jason 
Wood
Sent: 31-Oct-12 1:20 PM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] Not scanning production

To keep it simple, I'd add an entry in my hosts file for the prod site and point it to the the dev server IP.  To be 
really certain scanning traffic never hits the prod site, you could add a static route for the IP of the prod site to 
an invalid gateway so that traffic to the site can't leave your network.

For example:
Prod site IP - 10.10.10.3
Default Gateway IP - 192.168.1.1

route add -host 10.10.10.3/32<http://10.10.10.3/32> gw 192.168.1.<unassigned IP> dev eth0

You can also start your scan and fire up tcpdump to watch for traffic attempting to reach the prod IP.  If you see it, 
then you know something has gone wrong.


Jason



On Wed, Oct 31, 2012 at 10:15 AM, Patrick Laverty <patrick_laverty () brown edu<mailto:patrick_laverty () brown edu>> 
wrote:
Ok, newbie here...

I was asked to scan a web site that we were told is vulnerable. So I'm
copying the site over to my Dev server and each time I manually click
on links, I see it sends my request to production. I went through the
.htaccess file and changed everything to point to my Dev server. It
still goes to prod. I dig in a little further and sure enough, most of
the links in the hundreds of pages are hardcoded to the prod site.

What's the safest way to get around this? Set the /etc/hosts file on
my scanning machine to point to my Dev server? I want to make 100%
sure that my scan never hits the production server.

Suggestions?

Thank you.
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com<mailto:Pauldotcom () mail pauldotcom com>
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com



--

irc: Tadaka
Twitter:  Jason_Wood

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Current thread:

Re: Not scanning production, (continued)
- Re: Not scanning production Arch Angel (Oct 31)
  - Re: Not scanning production Barry Von Ahsen (Oct 31)
    - Re: Not scanning production Bacon Zombie (Oct 31)
    - Re: Not scanning production Conrad Constantine (Oct 31)
    - Re: Not scanning production Arch Angel (Oct 31)
- Re: Not scanning production Conrad Constantine (Oct 31)
- Re: Not scanning production David3 (Oct 31)
  - Re: Not scanning production James Condron (Oct 31)
    - Re: Not scanning production David3 (Oct 31)
- Re: Not scanning production Jason Wood (Oct 31)
  - Re: Not scanning production Frisch, Daniel (JUS) (Oct 31)
  - Re: Not scanning production Nick Drage (Oct 31)