----- Original Message ----- From: "Michael Scheidell" <[EMAIL PROTECTED]>
[snip]

> One more interesting thing, if you have a client who has given you ip
> addresses for external testing, and these ip addresses rdns to a domain
> that doesn't FWD resolve, you will end up pen testing verisign's computers.

I don't think so... or, put another way, I hope not ;-)

As any fule kno, part of the <Yank>"Due Diligence"</Yank> process on receipt of IP ranges from a Client would be to conduct whois type searches to determine that the Client has indeed not typo'd an IP range or CIDR block.

I've had this happen a few times and a cursory whois + confirmation has sorted the incorrect ranges before testing actually starts. Sometimes it's not even obvious from a whois which is all part of the fun of it.

One hopes that the pen testers you employ also do this... :P

Cheers.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
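
Added example, not part of the original message: a pre-engagement check that confirms each client-supplied IP sits inside an authorised block and that its reverse-DNS name resolves back to it, so a name that resolves elsewhere is never used as a target. The function names, status labels and sample data are assumptions made for this illustration; the whois confirmation described above is still a separate manual step.

```python
import ipaddress
import socket


def system_reverse(ip):
    """PTR lookup via the system resolver; None when there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def system_forward(name):
    """A-record lookup via the system resolver; empty list on failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def check_scope(ips, authorised_cidrs, reverse=system_reverse, forward=system_forward):
    """Classify each client-supplied IP before any testing starts.

    in-scope     : inside an authorised block and the PTR name resolves back to it
    ip-only      : inside an authorised block, but the PTR name is missing or
                   resolves elsewhere, so the name must never be used as a target
    out-of-scope : not inside any authorised block (possible typo, query the client)
    """
    nets = [ipaddress.ip_network(c) for c in authorised_cidrs]
    report = {}
    for ip in ips:
        addr = ipaddress.ip_address(ip)
        if not any(addr in n for n in nets):
            report[ip] = ("out-of-scope", None, [])
            continue
        name = reverse(ip)
        fwd = forward(name) if name else []
        # Forward answers that land outside every authorised block.
        strays = [a for a in fwd if not any(ipaddress.ip_address(a) in n for n in nets)]
        status = "in-scope" if ip in fwd and not strays else "ip-only"
        report[ip] = (status, name, strays)
    return report


# Constructed sample data (documentation ranges), not from the original message.
PTR = {"192.0.2.10": "www.client.example", "192.0.2.11": "old.clinet.example"}
A = {"www.client.example": ["192.0.2.10"], "old.clinet.example": ["203.0.113.99"]}
SAMPLE = check_scope(["192.0.2.10", "192.0.2.11", "198.51.100.7"], ["192.0.2.0/24"],
                     reverse=PTR.get, forward=lambda n: A.get(n, []))
```

Called without the `reverse` and `forward` arguments, `check_scope` uses the system resolver instead of the constructed tables.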
