On 10/31/2012 12:15 PM, Patrick Laverty wrote:

What's the safest way to get around this? Set the /etc/hosts file on
my scanning machine to point to my Dev server? I want to make 100%
sure that my scan never hits the production server.

I'd err on the safer side here, and packet filter all traffic to the production system entirely as well - iptables OUTPUT table (if on Linux), etc. Having it redirect back via a hosts entry is good though, just for completeness of the scan. Make sure your test server knows that the production server's hostname is a valid name for it too. (depends on the vhosts config, if any, but web servers largely like it for clients to address them by names known to them).

Also, be sure to roll your eyes and gently curse the cluelessness of the web developers... who are apparently much bigger newbs at sane web design concepts than you are.





_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
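
A pre-flight check for the setup described in the reply above, added here as an example and not part of the original message: it confirms that a hosts file maps the production name to the dev server and that a saved `iptables-save` dump filters all outbound traffic to production. The hostname, the addresses and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Hostname and addresses are constructed (documentation ranges).

# hosts_lookup FILE NAME: print the first address FILE maps NAME to.
hosts_lookup() {
    awk -v name="$2" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if ($i == name) { print $1; exit } }
    ' "$1"
}

# output_blocks DUMP IP: succeed if, in an iptables-save DUMP, the first
# unconditional OUTPUT rule that applies to IP is DROP or REJECT.
# Rules with extra matches (-p, -o, -m ...) are skipped as partial, and
# only exact -d IP or IP/32 is matched (wider CIDR ranges are not).
output_blocks() {
    awk -v ip="$2" '
        $1 == "-A" && $2 == "OUTPUT" && !decided {
            dst = ""; tgt = ""; partial = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-d") { i++; dst = $i }
                else if ($i == "-j") { i++; tgt = $i; break }
                else partial = 1
            }
            if (partial || (dst != "" && dst != ip && dst != (ip "/32"))) next
            if (tgt == "DROP" || tgt == "REJECT") { blocked = 1; decided = 1 }
            else if (tgt == "ACCEPT") decided = 1
        }
        END { exit !blocked }
    ' "$1"
}

# preflight HOSTS DUMP NAME DEV_IP PROD_IP: return 0 only if NAME resolves to
# DEV_IP in HOSTS and DUMP filters all outbound traffic to PROD_IP.
preflight() {
    got=$(hosts_lookup "$1" "$3")
    [ "$got" = "$4" ] || { echo "FAIL: $3 -> ${got:-unmapped}, want $4"; return 1; }
    output_blocks "$2" "$5" || { echo "FAIL: $5 not blocked in OUTPUT"; return 1; }
    echo "OK: $3 -> $4, traffic to $5 is filtered"
}

# Constructed sample input, then the check itself.
tmp=$(mktemp -d)
printf '127.0.0.1 localhost\n192.0.2.10 www.example.com # dev box\n' > "$tmp/hosts"
printf '%s\n' '*filter' ':OUTPUT ACCEPT [0:0]' \
    '-A OUTPUT -d 198.51.100.20/32 -j REJECT --reject-with icmp-port-unreachable' \
    'COMMIT' > "$tmp/rules"
preflight "$tmp/hosts" "$tmp/rules" www.example.com 192.0.2.10 198.51.100.20
```

On the scanning machine itself, the inputs would be `/etc/hosts` and the saved output of `iptables-save`, checked before the scanner is started.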
