RE: Odd situation, advice needed on penetration test results

From: Vitaly Osipov (witt@infosec.ru)
Date: 03/27/03

    Date: Thu, 27 Mar 2003 11:13:23 +0300
    From: "Vitaly Osipov" <witt@infosec.ru>
    To: <pen-test@securityfocus.com>
    
    

    Guys, you are missing something here. The original poster's concern was
    what to do with the 0-day exploits, rootkit and sources from security
    vendors discovered on the machine. They could simply report to all
    vendors involved, but as I understand their client does not want to be
    mentioned in relation to this. This is not a technical, but a
    legal/political situation.

    Best regards,
    Vitaly Osipov, CISSP, CCSE, CCNA

    > -----Original Message-----
    > From: Harlan Carvey [mailto:keydet89@yahoo.com]
    > Sent: Thursday, March 27, 2003 1:02 AM
    > To: pen-test@securityfocus.com
    > Subject: Re: Odd situation, advice needed on penetration test results
    >
    >
    > Ido,
    >
    > > While catching this person is obviously of importance,
    > > the more critical step to take is to secure the system
    > > for forensic analysis.
    >
    > I would agree that the system needs to be secured, but
    > what good does shutting down the system do if you
    > lose all of the volatile data, such as running
    > processes, network connections, etc? How do you trace
    > the issue back to whomever is responsible if you don't
    > even know what IP address they're coming from, b/c
    > you've lost the volatile data?
    >
    > > I would recommend that your
    > > client unplug the power from the system (hopefully the
    > > intruder has not set up a logic bomb that triggers if the
    > > network interface goes down).
    >
    > I'm not sure I completely understand your reasoning
    > here. If you unplug the power from the system, and
    > the NIC goes down (due to lack of power), wouldn't the
    > system itself shut off? Wouldn't the hard drive stop
    > spinning and the CPU no longer process instructions?
    >
    > If that's the case...how's a logic bomb going to
    > execute?
    >
    > Thanks,
    >
    > Harlan

