Penetration Testing mailing list archives
Re: Looking for help against Chinese Hacking Team
From: "Adriel T. Desautels" <ad_lists () netragard com>
Date: Mon, 15 Dec 2008 17:34:11 -0500
Actually, I'm a huge fan of mod_security + reverse apache proxy. I've used it in many cases and when configured right it's awesome!
On Dec 13, 2008, at 11:35 AM, Jamie Riden wrote:
> 2008/12/13 harveyfrank <joet () ticadvisors com>:
> > We've been battling the Chinese for several months now and have gone through several waves of US security experts who have failed to stop them. In their defense, we are not on an unlimited budget and they've gotten us to a point where it looks as though somewhere among the site's 400 scripts is a SQL injection vulnerability.
> >
> > Automated testing by a few pen test products seems to think we're fine. We definitely are not.
> >
> > Is it possible to hire a CEH to find the Chinese-discovered vulnerability for a few hundred dollars? (We aren't just being cheap, we've blown our wad on security that hasn't worked.) Would someone with intimate knowledge of the latest wave of Chinese attacks be required for this job? Besides our first rate security team that's just been beat, I've tried the $200 pen test folks and they have all failed. Microsoft security help has also failed.
> >
> > Advice (Besides porting to Linux)? Help?
>
> Quickest way I know would be to set up an apache reverse proxy using mod_security - that would have blocked all of the SQL injection attacks I've seen, and the ones I've seen described. I'm sure there is a Microsoft way to do the same thing, but I'm more of a Linux guy. The HTTP requests would all come to the Linux box, which would sanitise them and pass the safe ones on to IIS. If you've got the hardware lying around, this should only take about a day or so setup, depending on how much experience you have with Linux.
>
> Someone's suggesting doing it all on your IIS server by changing the IIS port and running apache/mod_security on that, if you prefer:
> https://www.gotroot.com/tiki-view_forum_thread.php?comments_parentId=259&topics_offset=6&topics_sort_mode=lastPost_asc&forumId=35
>
> cheers,
> Jamie
> --
> Jamie Riden / jamesr () europe com / jamie () honeynet org uk
> UK Honeynet Project: http://www.ukhoneynet.org/
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
> Security Trends Report from Cenzic
> Stay Ahead of the Hacker Curve!
> Get the latest Q2 2008 Trends Report now
> www.cenzic.com/landing/trends-report
> ------------------------------------------------------------------------

Adriel T. Desautels
ad_lists () netragard com
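
The reverse-proxy arrangement discussed in this message, sketched as an added example (not part of either poster's message and not anyone's production configuration). It assumes Apache 2.4 with a ModSecurity 2.x release that includes the `@detectSQLi` operator; the hostname, the backend address 10.0.0.20, the module paths and the rule id are placeholders.

```apache
# Added example (constructed). Apache + ModSecurity on a separate box,
# forwarding inspected requests to the IIS server behind it.
# Module paths vary by distribution; adjust to match the local install.
LoadModule proxy_module       modules/mod_proxy.so
LoadModule proxy_http_module  modules/mod_proxy_http.so
LoadModule unique_id_module   modules/mod_unique_id.so
LoadModule security2_module   modules/mod_security2.so

<VirtualHost *:80>
    ServerName www.example.com            # placeholder public hostname

    # Reverse proxy only: never relay arbitrary outbound requests.
    ProxyRequests     Off
    ProxyPreserveHost On
    ProxyPass         / http://10.0.0.20:80/   # placeholder IIS backend
    ProxyPassReverse  / http://10.0.0.20:80/

    <IfModule security2_module>
        # Begin in DetectionOnly so false positives across the site's
        # scripts show up in the logs before anything is blocked.
        # Change to "On" once the rule has been tuned.
        SecRuleEngine         DetectionOnly

        # POST bodies must be buffered or form parameters go uninspected.
        SecRequestBodyAccess  On
        SecRequestBodyLimit   1048576

        # Check every parameter name, parameter value and cookie value.
        # logdata records which variable matched.
        SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES "@detectSQLi" \
            "id:100001,phase:2,t:none,t:urlDecodeUni,deny,status:403,log,auditlog,msg:'SQL injection attempt',logdata:'%{MATCHED_VAR_NAME}'"

        # Keep full request details only for transactions that hit a rule.
        SecAuditEngine    RelevantOnly
        SecAuditLogParts  ABCFHZ
        SecAuditLog       logs/modsec_audit.log
    </IfModule>
</VirtualHost>
```

Each audit log entry carries the request URI and the matched parameter name, which narrows down which of the site's scripts is being probed so the query in that script can be fixed. The IIS host should also accept HTTP only from the proxy's address, otherwise requests sent straight to it skip inspection.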