Penetration Testing mailing list archives
RE: Odd situation, advice needed on penentration test results
From: "Vitaly Osipov" <witt () infosec ru>
Date: Thu, 27 Mar 2003 11:13:23 +0300
Guys, you are missing something here. The original poster's concern was what to do with the 0-day exploits, rootkit and sources from security vendors discovered on the machine. They could simply report to all vendors involved, but as I understand their client does not want to be mentioned in relation to this. This is not a technical, but a legal/political situation.

Best regards,
Vitaly Osipov, CISSP, CCSE, CCNA

-----Original Message-----
From: Harlan Carvey [mailto:keydet89 () yahoo com]
Sent: Thursday, March 27, 2003 1:02 AM
To: pen-test () securityfocus com
Subject: Re: Odd situation, advice needed on penentration test results

Ido,

> While catching this person is obviously of importance,
> the more critical step to take is to secure the system
> for forensic analysis.

I would agree that the system needs to be secured, but what good does shutting down the system do if you lose all of the volatile data, such as running processes, network connections, etc? How do you trace the issue back to whomever is responsible if you don't even know what IP address they're coming from, b/c you've lost the volatile data?

> I would recommend that your client unplug the
> power from the system (hopefully the intruder has not
> set up a logic bomb that triggers if the network
> interface goes down).

I'm not sure I completely understand your reasoning here. If you unplug the power from the system, and the NIC goes down (due to lack of power), wouldn't the system itself shut off? Wouldn't the hard drive stop spinning and the CPU no longer process instructions? If that's the case...how's a logic bomb going to execute?

Thanks,

Harlan