From: Vitaly Osipov (witt@infosec.ru)
Date: Thu Mar 27 2003 - 03:13:23 EST
Guys, you are missing something here. The original poster's concern was
what to do with the 0-day exploits, rootkit and sources from security
vendors discovered on the machine. They could simply report to all
vendors involved, but as I understand their client does not want to be
mentioned in relation to this. This is not a technical, but a
legal/political situation.
Best regards,
Vitaly Osipov, CISSP, CCSE, CCNA
> -----Original Message-----
> From: Harlan Carvey [mailto:keydet89@yahoo.com]
> Sent: Thursday, March 27, 2003 1:02 AM
> To: pen-test@securityfocus.com
> Subject: Re: Odd situation, advice needed on penentration test results
>
>
> Ido,
>
> > While catching this person is obviously of importance,
> > the more critical step to take is to secure the system
> > for forensic analysis.
>
> I would agree that the system needs to be secured, but
> what good does shutting down the system do if you
> lose all of the volatile data, such as running
> processes, network connections, etc? How do you trace
> the issue back to whomever is responsible if you don't
> even know what IP address they're coming from, b/c
> you've lost the volatile data?
>
> > I would recommend that your
> > client unplug the power from the system (hopefully the
> > intruder has not set up a logic bomb that triggers if the
> > network interface goes down).
>
> I'm not sure I completely understand your reasoning
> here. If you unplug the power from the system, and
> the NIC goes down (due to lack of power), wouldn't the
> system itself shut off? Wouldn't the hard drive stop
> spinning and the CPU no longer process instructions?
>
> If that's the case...how's a logic bomb going to
> execute?
>
> Thanks,
>
> Harlan
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:31 EDT