Message-ID: <00c501c37d77$648c91a0$050e30d5@drizzt>
From: nexus at patrol.i-way.co.uk (Nexus)
Subject: Verisign abusing .COM/.NET monopoly, BIND releases new
----- Original Message -----
From: "Michael Scheidell" <scheidell@...nap.net>
[snip]
> One more interesting thing, if you have a client who has given you ip
> addresses for external testing, and these ip addresses rdns to a domain
> that doesn't FWD resolve, you will end up pen testing verisign's computers.
I don't think so... or, put another way, I hope not ;-)
As any fule kno, part of the <Yank>"Due Diligence"</Yank> process on receipt
of IP ranges from a Client would be to conduct whois type searches to
determine that the Client has indeed not typo'd an IP range or CIDR block.
I've had this happen a few times and a cursory whois + confirmation has
sorted the incorrect ranges before testing actually starts. Sometimes it's
not even obvious from a whois which is all part of the fun of it.
One hopes that the pen testers you employ also do this... :P
Cheers.
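
Added example, not part of the original message: a pre-test check for the two points raised in this thread, that supplied IPs fall inside the agreed ranges and that a reverse-DNS name is only trusted when it resolves forward to the same IP. The function names, status labels and sample data are assumptions made up for illustration.

```python
import ipaddress
import socket

def ptr_lookup(ip):
    """Reverse (PTR) lookup; None when there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def a_lookup(name):
    """Forward lookup; empty set when the name does not resolve."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def check_targets(scope_cidrs, targets, reverse=ptr_lookup, forward=a_lookup):
    """Label each target so nothing is tested by name unless the name maps back to it."""
    nets = [ipaddress.ip_network(c, strict=False) for c in scope_cidrs]
    report = {}
    for ip in targets:
        addr = ipaddress.ip_address(ip)
        if not any(addr in n for n in nets):
            report[ip] = "out-of-scope"          # possible typo'd range: confirm with client
            continue
        name = reverse(ip)
        answers = forward(name) if name else set()
        if name is None:
            report[ip] = "no-ptr"                # test by IP only
        elif str(addr) in answers:
            report[ip] = "confirmed"             # PTR name resolves back to the same IP
        elif not answers:
            report[ip] = "ptr-unresolvable"      # name is dead: test by IP only
        else:
            report[ip] = "ptr-points-elsewhere"  # e.g. a wildcard answer: never test by name
    return report

def demo():
    # Constructed sample data (documentation ranges, made-up names), no network needed.
    ptr = {"192.0.2.10": "www.client.example", "192.0.2.11": "mail.cleint.example",
           "192.0.2.12": "old.client.example"}
    fwd = {"www.client.example": {"192.0.2.10"}, "mail.cleint.example": {"198.51.100.7"}}
    return check_targets(["192.0.2.0/28"], ["192.0.2.10", "192.0.2.11", "192.0.2.12",
                                            "192.0.2.13", "192.0.2.200"],
                         reverse=ptr.get, forward=lambda n: fwd.get(n, set()))

if __name__ == "__main__":
    for ip, status in demo().items():
        print(ip, status)
```

Anything not labelled "confirmed" goes back to the client alongside the whois result before testing starts.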