Penetration Testing mailing list archives
RE: Looking for help against Chinese Hacking Team
From: "Shenk, Jerry A" <jshenk () decommunications com>
Date: Fri, 12 Dec 2008 22:00:53 -0500
Can you identify the time of the attack? If you can identify that, then can you go backward through your web server logs and identify the attack. Think about any pages that allow users to send files to your system...that's a pretty common hole.

How do you know it's "the Chinese"? If you really do know who it is, then you should have an IP address....that should make the search for the attack somewhat simpler....not simple, just simpler;) Go through ALL your logs and look for that IP address. Keep in mind that they could do recon from one IP and then attack from another...not too common but certainly possible.

Running a pen-test against the web site MIGHT find it...but then, it might be something that's not one of the included attacks or it takes a certain type of obfuscation to get through something. Really, if you've been attacked, then the key is to find out what they did to get you. Obviously you don't have much of a budget (and this isn't a dig, just a statement of an assumption) if you think a $200 pen-test was a lot of money so, just go pore over those web logs. That's where it is.

Make sure you have the event logging cranked up. You didn't say what they did but, if they managed to launch an executable, you can probably catch it if you turn on auditing for system processes and event tracking.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Mike Hale
Sent: Friday, December 12, 2008 9:22 PM
To: harveyfrank
Cc: pen-test () securityfocus com
Subject: Re: Looking for help against Chinese Hacking Team

Your choices are cheap, fast and properly. Pick two. ;)

If the concern in this case is a vulnerability in your web application, I'd suggest looking at a web-application firewall. Setting it up properly can get very expensive, unless you know exactly how your traffic needs to look. There are some open-source ones available that are pretty good, such as ModSecurity.

If you're the technical guy for the company, I'd recommend taking a weekend to read up on the various features and setting up a test box somewhere. Once that's done, start by securing small portions of your web site at a time. Figure out what legitimate packets look like, and allow only those through.

On Fri, Dec 12, 2008 at 4:59 PM, harveyfrank <joet () ticadvisors com> wrote:
We've been battling the Chinese for several months now and have gone through several waves of US security experts who have failed to stop them. In their defense, we are not on an unlimited budget and they've gotten us to a point where it looks as though somewhere among the site's 400 scripts is a SQL injection vulnerability. Automated testing by a few pen test products seems to think we're fine. We definitely are not.

Is it possible to hire a CEH to find the Chinese-discovered vulnerability for a few hundred dollars? (We aren't just being cheap, we've blown our wad on security that hasn't worked.) Would someone with intimate knowledge of the latest wave of Chinese attacks be required for this job? Besides our first rate security team that's just been beat, I've tried the $200 pen test folks and they have all failed. Microsoft security help has also failed.

Advice (Besides porting to Linux)? Help?

--
View this message in context: http://www.nabble.com/Looking-for-help-against-Chinese-Hacking-Team-tp20986210p20986210.html
Sent from the Penetration Testing mailing list archive at Nabble.com.
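A small version of the log sweep Jerry describes, added here as an example and not part of the thread: it parses Apache combined-format lines (the sample lines and the 203.0.113.7 address are constructed, not the poster's real logs), and flags requests from a known suspect address, requests whose decoded query carries SQL-injection-style input, POSTs to an upload handler, and server errors, so a reviewer can narrow 400 scripts to the few worth reading first.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample log lines in Apache "combined" format (not from the thread).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Dec/2008:21:14:02 -0500] "GET /products.asp?id=42 HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
203.0.113.7 - - [12/Dec/2008:21:14:09 -0500] "GET /products.asp?id=42'%20OR%201=1-- HTTP/1.1" 500 318 "-" "Mozilla/4.0"
198.51.100.2 - - [12/Dec/2008:21:15:30 -0500] "GET /index.asp HTTP/1.1" 200 2048 "-" "Mozilla/4.0"
203.0.113.7 - - [12/Dec/2008:21:16:44 -0500] "POST /upload.asp HTTP/1.1" 200 77 "-" "Mozilla/4.0"
"""

# Client IP, timestamp, request line and status code of an Apache combined-format entry.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

# Indicators of SQL-injection probing, checked against the URL-decoded request path.
SQLI_RE = re.compile(r"('|\bunion\b.*\bselect\b|--|/\*|\bor\b\s+\d+=\d+|xp_cmdshell|;\s*(drop|exec)\b)", re.I)

def parse_line(line):
    """Return a dict for one log entry, or None if the line is not in the expected format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["decoded"] = unquote_plus(d["path"])  # decode %20, + and friends before matching
    d["status"] = int(d["status"])
    return d

def triage(log_text, suspect_ip=None):
    """Return (ip, timestamp, reasons, decoded request) tuples worth a human's attention."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = []
        if suspect_ip and rec["ip"] == suspect_ip:
            reasons.append("known-bad-ip")
        if SQLI_RE.search(rec["decoded"]):
            reasons.append("sqli-pattern")
        if rec["method"] == "POST" and "upload" in rec["decoded"].lower():
            reasons.append("file-upload-endpoint")
        if rec["status"] >= 500:  # injection attempts often surface as 500s before they succeed
            reasons.append("server-error")
        if reasons:
            hits.append((rec["ip"], rec["ts"], ",".join(reasons), rec["decoded"]))
    return hits
```

Run it with the suspect address to pivot on that IP first, or without one to sweep every source for the same indicators; scripts named in the flagged requests are where the manual code review should start.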