PaulDotCom mailing list archives

Re: Not scanning production

From: Conrad Constantine <conrad () 1211 net>
Date: Wed, 31 Oct 2012 12:30:07 -0400

On 10/31/2012 12:15 PM, Patrick Laverty wrote:

What's the safest way to get around this? Set the /etc/hosts file on
my scanning machine to point to my Dev server? I want to make 100%
sure that my scan never hits the production server.

I'd err on the safer side here, and packet filter all traffic to theproduction system entirely as well - iptables OUTPUT table (if onlinux), etc. Having it redirect back via a hosts entry is good though,just for completeness of the scan. Make sure your test server knows thatthe production server's hostname is a valid name for it too. (depends onthe vhosts config, if any, but webservers largely like it for clients toaddress them by names known to them).

Also, be sure to roll your eyes and gently curse the cluelessness of theweb developers.. who are apparently much bigger newbs at sane web designconcepts than you are.






_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Current thread:

Not scanning production Patrick Laverty (Oct 31)
- Re: Not scanning production Ron Gula (Oct 31)
- Re: Not scanning production Arch Angel (Oct 31)
  - Re: Not scanning production Barry Von Ahsen (Oct 31)
    - Re: Not scanning production Bacon Zombie (Oct 31)
    - Re: Not scanning production Conrad Constantine (Oct 31)
    - Re: Not scanning production Arch Angel (Oct 31)
- Re: Not scanning production Conrad Constantine (Oct 31)
- Re: Not scanning production David3 (Oct 31)
  - Re: Not scanning production James Condron (Oct 31)
    - Re: Not scanning production David3 (Oct 31)
- Re: Not scanning production Jason Wood (Oct 31)
  - Re: Not scanning production Frisch, Daniel (JUS) (Oct 31)
  - Re: Not scanning production Nick Drage (Oct 31)