PaulDotCom mailing list archives
Re: Not scanning production
From: Conrad Constantine <conrad () 1211 net>
Date: Wed, 31 Oct 2012 12:30:07 -0400
On 10/31/2012 12:15 PM, Patrick Laverty wrote:
> What's the safest way to get around this? Set the /etc/hosts file on my scanning machine to point to my Dev server? I want to make 100% sure that my scan never hits the production server.
I'd err on the safer side here, and packet filter all traffic to the production system entirely as well - iptables OUTPUT table (if on Linux), etc. Having it redirect back via a hosts entry is good though, just for completeness of the scan. Make sure your test server knows that the production server's hostname is a valid name for it too (depends on the vhosts config, if any, but web servers largely like it for clients to address them by names known to them).
Also, be sure to roll your eyes and gently curse the cluelessness of the web developers... who are apparently much bigger newbs at sane web design concepts than you are.
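
The two safeguards from this reply (a hosts entry pinning the production name to the dev server, plus an iptables OUTPUT rule for the production address) written as a pre-scan check. This is an added example, not part of the original message; the hostname, both addresses and all function names are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread). Constructed values: hostname
# www.example.test, production 192.0.2.10, dev 198.51.100.20.

# hosts_lookup FILE NAME: print the first address a hosts-format FILE gives NAME.
hosts_lookup() {
    awk -v name="$2" '
        { sub(/#.*/, "") }                       # drop comments
        { for (i = 2; i <= NF; i++)
              if (tolower($i) == tolower(name)) { print $1; exit } }' "$1"
}

# egress_rules PROD_IP: print the iptables commands that log and reject
# every outbound packet to production (run them as root before scanning).
egress_rules() {
    printf 'iptables -I OUTPUT 1 -d %s -j LOG --log-prefix "scan-to-prod: "\n' "$1"
    printf 'iptables -I OUTPUT 2 -d %s -j REJECT\n' "$1"
}

# egress_blocked PROD_IP: read `iptables -S OUTPUT` text on stdin; succeed only
# if the first terminating rule for that destination is DROP or REJECT.
# Simplification: assumes rules of the form printed by egress_rules, so a
# rule narrowed by protocol or port is not told apart from a full block.
egress_blocked() {
    awk -v ip="$1/32" '
        BEGIN { rc = 1 }
        $1 == "-A" && $2 == "OUTPUT" {
            dst = ""; tgt = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-d") dst = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            if (dst != ip || tgt == "LOG") next   # LOG does not stop the packet
            if (tgt == "DROP" || tgt == "REJECT") rc = 0
            exit                                  # an earlier ACCEPT leaves rc = 1
        }
        END { exit rc }'
}

# preflight HOSTS_FILE NAME PROD_IP DEV_IP: iptables listing on stdin.
# Returns 0 only when both safeguards are in place.
preflight() {
    mapped=$(hosts_lookup "$1" "$2")
    [ "$mapped" = "$4" ] || { echo "FAIL: $2 maps to '${mapped:-DNS}', not $4"; return 1; }
    egress_blocked "$3" || { echo "FAIL: no OUTPUT block for $3"; return 1; }
    echo "OK: $2 -> $4, egress to $3 blocked"
}
```

On the scanning machine the check would be fed the live ruleset, for example `iptables -S OUTPUT | preflight /etc/hosts www.example.test 192.0.2.10 198.51.100.20`, and the scan started only if it returns 0.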