Re: [Full-Disclosure] Verisign abusing .COM/.NET monopoly, BIND releases new
- To: "Michael Scheidell" <scheidell@xxxxxxxxxx>
- Subject: Re: [Full-Disclosure] Verisign abusing .COM/.NET monopoly, BIND releases new
- From: "Nexus" <nexus@xxxxxxxxxxxxxxxxxx>
- Date: Thu, 18 Sep 2003 00:57:02 +0100
----- Original Message -----
From: "Michael Scheidell" <scheidell@xxxxxxxxxx>
[snip]
> One more interesting thing, if you have a client who has given you ip
> addresses for external testing, and these ip addresses rdns to a domain
> that doesn't FWD resolve, you will end up pen testing verisign's computers.
I don't think so... or, put another way, I hope not ;-)
As any fule kno, part of the <Yank>"Due Diligence"</Yank> process on receipt
of IP ranges from a Client would be to conduct whois type searches to
determine that the Client has indeed not typo'd an IP range or CIDR block.
I've had this happen a few times and a cursory whois + confirmation has
sorted the incorrect ranges before testing actually starts. Sometimes it's
not even obvious from a whois, which is all part of the fun of it.
One hopes that the pen testers you employ also do this... :P
Cheers.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
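
An added example, not part of the original message: one way to run the whois cross-check described above over client-supplied ranges before testing starts. The whois records, organisation names, sample ranges and function names are constructed for illustration; on a real engagement the records would come from whois lookups.

```python
import ipaddress

# Constructed whois results (assumption): registered netblock -> organisation.
WHOIS_RECORDS = {
    "192.0.2.0/24": "Example Client Ltd",
    "198.51.100.0/25": "Example Client Ltd",
    "203.0.113.0/24": "Unrelated Hosting Inc",
}

# Constructed list of ranges as a client might send them, typos included.
SUPPLIED = ["192.0.2.0/24", "192.0.2.10/24", "198.51.100.0/24",
            "203.0.113.16/28", "192.0.2.300/32"]


def whois_owner(net, records):
    """Most specific registered block that fully contains net, or None."""
    best = None
    for block, org in records.items():
        reg = ipaddress.ip_network(block)
        if reg.version == net.version and net.subnet_of(reg):
            if best is None or reg.prefixlen > best[0].prefixlen:
                best = (reg, org)
    return best


def check_scope(ranges, client_org, records=WHOIS_RECORDS):
    """Map each supplied range to (status, reason): ok, confirm or invalid."""
    results = {}
    for raw in ranges:
        try:
            # strict=True rejects host bits set below the mask, a common typo
            net = ipaddress.ip_network(raw, strict=True)
        except ValueError as exc:
            results[raw] = ("invalid", str(exc))
            continue
        match = whois_owner(net, records)
        if match is None:
            # Includes ranges wider than the registration (/24 sent, /25 owned)
            results[raw] = ("confirm", "no registered block covers this range")
        elif match[1] != client_org:
            results[raw] = ("confirm", f"registered to {match[1]} ({match[0]})")
        else:
            results[raw] = ("ok", f"within {match[0]}")
    return results


if __name__ == "__main__":
    for rng, (status, reason) in check_scope(SUPPLIED, "Example Client Ltd").items():
        print(f"{status:8} {rng:18} {reason}")
```

Anything not marked "ok" goes back to the client for written confirmation before testing starts.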