
Opening the Kimono (Ways to annoy your pentester)

How often do you laugh so hard that Coke comes out your nose while reading a Security blog?

The following post just did that for me, and I wanted to share.  If you have ever been involved in a pentest, you can identify...

http://layer8.itsecuritygeek.com/index/layer8/comments/ways-to-annoy-your-pentester/

6.  Port flashing.  Randomly open and close access to ports while he’s doing his scans, so that when he comes back for a closer look later, they’ve changed.  Bonus points if you can make it look like whole hosts are appearing and disappearing.

5.  Tell him you have a whole class B to scan, even if you don’t.  Make him figure out which IPs belong to you and which ones belong to the Department of Public Safety down the street.  If he’s really good, he won’t tick off the wrong people.

4.  Change the hostname on your most critical server to “honeypot.”

3.  Have your lawyer deliver “cease and desist” letters to his house.

2.  Let him get about 1/4 of the way through his initial scan, and then shun his IP address and call him up, saying, “Game over!  I win!”

and the number one way to annoy your pentester:

1.  Accidentally add an “is” to his job title.

Posted: Saturday, March 17, 2007 6:28 AM by smearp