Penetration Testing mailing list archives
Re: Scriptable defense question
From: Jeffrey Walton <noloader () gmail com>
Date: Thu, 14 May 2009 15:09:53 -0400
Hi Fred,
> Is there a tool that would allow for a tcp reset, or connection drop, or possibly bar future sessions from that IP? ...I am thinking of a script that parses a log,

I believe this would be dangerous in the Windows world. The events of interest are 539 [1] and friends in the Security log. I don't believe it is a good idea to allow a script access to the log, which usually has a fairly tight ACL. The scenario is an attacker could [more] easily wipe the log to cover their tracks.

With that said, there may be something out there that does what you want.

Jeff

[1] http://www.eventid.net/display.asp?eventid=539&source=Security

On 5/11/09, Fred H <sectester () yahoo com> wrote:
> Hi All,
>
> here is a scenario that has come up. Let's say there is a generic server that is on a dmz, and there are many password attempts on the server. Is there a tool that would allow for a tcp reset, or connection drop, or possibly bar future sessions from that IP? I am thinking of a script that parses a log, looks for repeated attempts from the same IP, and then calls a tool that drops the connection. Does anyone have any ideas on this?
>
> Fred Hamilton
> Information Security Analyst 2
> Financial Sector

[SNIP]
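The log-parsing step discussed in this message, as an added example that is not code from the thread or from any poster: it counts failure events per source IP in a sliding window and returns block candidates, leaving the actual drop or firewall action to a separate tool. It reads an exported copy of the records so the script needs no rights on the live Security log; the export format, the `NEVER_BLOCK` range, the threshold and the window are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
import ipaddress

# Constructed sample export: "ISO timestamp, event id, source IP" (format is an assumption).
SAMPLE_EXPORT = """\
2009-05-14T15:00:01 539 203.0.113.7
2009-05-14T15:00:05 539 203.0.113.7
2009-05-14T15:00:09 528 198.51.100.20
2009-05-14T15:00:12 539 203.0.113.7
2009-05-14T15:00:20 539 10.0.0.5
2009-05-14T15:00:21 539 10.0.0.5
2009-05-14T15:00:22 539 10.0.0.5
2009-05-14T15:09:00 539 198.51.100.20
2009-05-14T15:30:00 539 198.51.100.20
truncated record
"""

FAILURE_EVENT_IDS = {539}  # only the id named in the thread; extend per your audit policy
NEVER_BLOCK = [ipaddress.ip_network("10.0.0.0/8")]  # hypothetical management range


def block_candidates(export_text, threshold=3, window=timedelta(minutes=5)):
    """Return source IPs with at least `threshold` failures inside `window`."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    flagged = []
    for line in export_text.splitlines():
        parts = line.split()
        try:
            when = datetime.fromisoformat(parts[0])
            event_id = int(parts[1])
            ip = ipaddress.ip_address(parts[2])
        except (IndexError, ValueError):
            continue  # skip malformed records instead of crashing the watcher
        if event_id not in FAILURE_EVENT_IDS:
            continue
        if any(ip in net for net in NEVER_BLOCK):
            continue  # the automation must never lock out management hosts
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:
            q.popleft()  # age out failures older than the window
        if len(q) >= threshold and str(ip) not in flagged:
            flagged.append(str(ip))
    return flagged


if __name__ == "__main__":
    print("block candidates:", block_candidates(SAMPLE_EXPORT))
```
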