Ways to annoy your pentester.
If you’re going to have a pentest, you might as well lie back and enjoy it. Here are some fun things to try next time you have to open the kimono:
6. Port flashing. Randomly open and close access to ports while he’s doing his scans, so that when he comes back for a closer look later, they’ve changed. Bonus points if you can make it look like whole hosts are appearing and disappearing.
5. Tell him you have a whole class B to scan, even if you don’t. Make him figure out which IPs belong to you and which ones belong to the Department of Public Safety down the street. If he’s really good, he won’t tick off the wrong people.
4. Change the hostname on your most critical server to “honeypot.”
3. Have your lawyer deliver “cease and desist” letters to his house.
2. Let him get about 1/4 of the way through his initial scan, and then shun his IP address and call him up, saying, “Game over! I win!”
And the number one way to annoy your pentester:
1. Accidentally add an “is” to his job title.
Posted by shrdlu on Tuesday, March 13, 2007