Layer 8

Security is fundamentally about people, and everything we know about people is relevant to security. -- B. Schneier

Ways to annoy your pentester.

If you’re going to have a pentest, you might as well lie back and enjoy it.  Here are some fun things to try next time you have to open the kimono:

6.  Port flashing.  Randomly open and close access to ports while he’s doing his scans, so that when he comes back for a closer look later, they’ve changed.  Bonus points if you can make it look like whole hosts are appearing and disappearing.

5.  Tell him you have a whole class B to scan, even if you don’t.  Make him figure out which IPs belong to you and which ones belong to the Department of Public Safety down the street.  If he’s really good, he won’t tick off the wrong people.

4.  Change the hostname on your most critical server to “honeypot.”

3.  Have your lawyer deliver “cease and desist” letters to his house.

2.  Let him get about 1/4 of the way through his initial scan, and then shun his IP address and call him up, saying, “Game over!  I win!”

and the number one way to annoy your pentester:

1.  Accidentally add an “is” to his job title.


Posted by shrdlu on Tuesday, March 13, 2007


Comments

LonerVamp United States on 03/13  at  03:27 PM:

lol those are awesome and totally made my day!

Alex United States on 03/13  at  07:22 PM:

Wrong.  You’re just wrong.

And that’s why I love your blog.

Canada on 03/16  at  12:36 PM:

Three words: Core router reboots

Dave New Zealand (Aotearoa) on 03/17  at  01:36 AM:

Try a pentest on the pentester.

And there’s GOT to be something you can do with vmware/virtual-pc to mess with his head.

shrdlu United States on 03/17  at  07:33 AM:

And there’s GOT to be something you can do with vmware/virtual-pc to mess with his head.

Bwahahaha. “They’re running TOPS-20? WTF????!????”

Sandro Malta on 03/23  at  05:26 AM:

heh really enjoyed this!

LonerVamp United States on 03/23  at  07:28 PM:

You could try to tarpit him too. Get some honeypots and servers up on the network that respond to every non-existent IP and exhibit hundreds of open ports all waiting for delicious connections… elation turns to surprise turns to blaming his tools to outright horror…

echox Germany on 03/24  at  07:38 AM:

*hrhr* looks like you met your BOFH

Pluto Great Britain (UK) on 03/26  at  10:58 AM:

Salve,

most annoying is:

1. patch the servers whilst being tested, do not admit it before your boss in the exit meeting

2. change routing and firewall rules after first or second day into the pentest

3. add networks that belong to subsidiaries which you sold like a week ago, whois not updated, o’course

4. source quench ICMP errors to 5 / minute

5. dynamic block of attacking ip on the firewall, 30 min timeout, no way to change this, I’m terribly sorry.

6. ask to be consulted before the pentester tries anything dangerous, like sending a packet to a closed port

6a. require written consent (advanced: paper, basic: email) to said action

And a lot more ... worse for wear, these are not even fantasies, this just happened in the past 8 years.

Cheers

Pluto

United States on 04/12  at  02:15 PM:

Ok, call me dense but what is the “is” for???

Rory Great Britain (UK) on 05/07  at  12:39 PM:

Hahahaha - ‘Pen’ tester
