RE: Pen Test mistake

From: Dan Taylor (dtaylor_at_securify.com)
Date: 08/21/03

Next message: Jeff Steeves: "Re: Pen Test mistake"

Previous message: Patrick Dolan: "Re: Pen Test mistake"
In reply to: RMcElroy_at_mbe.com: "RE: Pen Test mistake"
Next in thread: Jeffrey Gorton: "Re: Pen Test mistake"
Reply: Jeffrey Gorton: "Re: Pen Test mistake"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <pen-test@securityfocus.com>
Date: Thu, 21 Aug 2003 15:12:29 -0400

I agree with this person, if you volunteer information to this company, you
could be hit with illegally scanning their systems (because you do not have
consent to do so). You could very well land in jail with the local
authorities possessing your systems for a few years. Even if you win your
systems back, they will be so old and outdated that they will be useless.

Delete your logs and redo what you were hired to do in the first place.

Also, on a side note, didn't the letter stating that you were allowed to do
this scan have the valid IP addresses you were allowed to scan? If it
didn't, you need to have your legal department reconstruct the letter to
start incorporating this valuable piece of information.

I'll jump off of my soapbox now!

-----Original Message-----
From: RMcElroy@mbe.com [mailto:RMcElroy@mbe.com]
Sent: Thursday, August 21, 2003 1:49 PM
To: webproze@yahoo.com; pen-test@securityfocus.com
Subject: RE: Pen Test mistake

ERASE ALL LOGS AND RUN FOREST RUN....:)

-----Original Message-----
From: Jeff Johnson [mailto:webproze@yahoo.com]
Sent: Wednesday, August 20, 2003 9:48 PM
To: pen-test@securityfocus.com
Subject: Pen Test mistake

Let's just say, for theoretical purposes, that you
were contracted to perform a penetration test on a
company. After receiving the IP range from the
company, you begin the test. You're well into the
test and find several vulnerable servers, which you
promptly own six ways from Sunday. Then a co-worker
wanders into your company's lab and looks over your
shoulder and advises you that the hosts that you're
owning are a single digit in the subnet off from the
hosts you're supposed to be attacking.

Example, I've owned 192.168.10.35, when in actuality I
was supposed to be owning 192.168.11.35.

How do you handle this situation?

My vote is to contact the owners of the site, advise
them honestly of the mistake, offer assistance (free
of charge of course) in correcting the security
problem you used to own them, and walk away a bit the
wiser.

Anyone else have any better advice?

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com

------------------------------------------------------------------------

---
Attend Black Hat Briefings & Training Federal, September 29-30
(Training), October 1-2 (Briefings) in Tysons Corner, VA; the world<92>s
premier 
technical IT security event.  Modeled after the famous Black Hat event
in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symanetc is the Diamond sponsor.  Early-bird registration ends September
6 Visit: www.blackhat.com
------------------------------------------------------------------------
----
---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
October 1-2 (Briefings) in Tysons Corner, VA; the world<92>s premier 
technical IT security event.  Modeled after the famous Black Hat event in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symanetc is the Diamond sponsor.  Early-bird registration ends September 6
Visit: www.blackhat.com
----------------------------------------------------------------------------

---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world<92>s premier
technical IT security event. Modeled after the famous Black Hat event in
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
Symanetc is the Diamond sponsor. Early-bird registration ends September 6 Visit: www.blackhat.com
----------------------------------------------------------------------------

application/ms-tnef attachment: winmail.dat

Next message: Jeff Steeves: "Re: Pen Test mistake"

Previous message: Patrick Dolan: "Re: Pen Test mistake"
In reply to: RMcElroy_at_mbe.com: "RE: Pen Test mistake"
Next in thread: Jeffrey Gorton: "Re: Pen Test mistake"
Reply: Jeffrey Gorton: "Re: Pen Test mistake"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Can anyone identify this possible backdoor?
... Attend Black Hat Briefings & Training Federal, September 29-30, ... Modeled after the famous Black Hat event in ... Symantec is the Diamond sponsor. ...
(Incidents)
Re: Pen Test mistake
... Subject: Pen Test mistake ... Attend Black Hat Briefings & Training Federal, ... Modeled after the famous Black Hat event ... Symanetc is the Diamond sponsor. ...
(Pen-Test)
RE: Re: Hunting for Mr Badmouth
... Attend Black Hat Briefings & Training Federal, ... Modeled after the famous Black Hat event ... Symantec is the Diamond sponsor. ... Attend Black Hat Briefings & Training Federal, September 29-30, ...
(Security-Basics)
RE: Windows XP Pro cracker?
... Attend Black Hat Briefings & Training Federal, ... Modeled after the famous Black Hat event ... Symantec is the Diamond sponsor. ...
(Security-Basics)
RE: Can anyone identify this possible backdoor?
... Attend Black Hat Briefings & Training Federal, September 29-30, ... Modeled after the famous Black Hat event in ... Symantec is the Diamond sponsor. ...
(Incidents)