Re: Pen Test mistake

From: Ranjeet Shetye (ranjeet.shetye2@zultys.com)
Date: Thu Aug 21 2003 - 17:39:49 EDT


On Thu, 2003-08-21 at 12:24, Jonathan Rickman wrote:
> On Thursday 21 August 2003 00:47, Jeff Johnson wrote:
>
> > How do you handle this situation?
>
> Honestly, I am so paranoid about this that I have always used firewall rules
> (either on the pen-test machine, or a separate device) to ensure that I
> stay "on target."
>
> > Anyone else have any better advice?
>
> Consult an attorney before initiating contact with the accidental victim.

My personal opinion - not that of my company.

1. Best case - The owned are probably clueless even today, but you
cannot depend on this, so pray a little harder for the next week.

2. Worst case - Don't touch the boxes ever again - even if you think you
can wipe out all traces - they might have noticed and put in safeguards
to track you. So let sleeping dogs lie. Apologize profusely if anything
turns up and blame it on garbage input to your automated scanning
system. If they catch up with you, give them one year of free security
services etc., whatever it takes to stay out of court.

3. Just in case - Institute a web-based or email-based system so that
all you EVER do is CUT and PASTE the IP address, as entered by your
client. The primary reason for doing this is to reduce, as much as
possible, human interaction/typos/etc. in the transfer of the IP address
from your client to your scanning system.

-- 
Ranjeet Shetye
Senior Software Engineer
Zultys Technologies
Ranjeet dot Shetye2 at Zultys dot com
http://www.zultys.com/
 
The views, opinions, and judgements expressed in this message are solely
those of the author. The message contents have not been reviewed or
approved by Zultys.
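An added example, not code from the thread or from Zultys: the two ideas above (Jonathan's "firewall rules to stay on target" and Ranjeet's "only ever cut and paste the client's own IP list") combined into a small scope gate that sits in front of the scanner. It parses the client-supplied scope strictly, refuses any hand-typed target that is not inside it, and renders host firewall rules so the box cannot reach anything else even if a typo does slip through. The scope text, the target list, the chain name SCANNER_OUT and the function names are all constructed for this example; the addresses are RFC 5737 documentation ranges, not real hosts.

```python
"""Scope gate for a scanning pipeline (added example, not the list's code).

Flow: client scope text -> parse_scope() -> check_targets() on whatever the
operator typed -> egress_rules() for the pen-test box. IPv4 only.
"""
import ipaddress
from typing import List, Tuple

# Constructed sample: the scope file exactly as the client supplied it,
# which is the only thing that should ever be pasted into the pipeline.
CLIENT_SCOPE = """\
# Authorised targets for the August engagement
192.0.2.0/24
198.51.100.17
"""

# Constructed sample: a target list an operator re-typed by hand from the
# scope above. Two entries are the kind of keyboard slip the post warns about.
HAND_TYPED_TARGETS = [
    "192.0.2.10",
    "192.0.2.250",
    "198.51.100.17",
    "198.51.100.71",   # transposed digits: someone else's machine
    "192.0.3.5",       # one octet off: outside the /24
]


def parse_scope(text: str) -> List[ipaddress.IPv4Network]:
    """Parse the client's scope, one CIDR or single host per line, '#' comments.

    A line that does not parse raises instead of being dropped, so a garbage
    line can neither silently shrink nor widen the scope. strict=True rejects
    entries like 192.0.2.5/24 (host bits set), which usually means a typo.
    """
    scope = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError as exc:
            raise ValueError(f"scope line {lineno}: {entry!r} rejected: {exc}") from exc
        if net.version != 4:
            raise ValueError(f"scope line {lineno}: {entry!r} is not IPv4 (this example is IPv4 only)")
        scope.append(net)
    return scope


def check_targets(scope: List[ipaddress.IPv4Network],
                  targets: List[str]) -> Tuple[List[str], List[Tuple[str, str]]]:
    """Split proposed targets into in-scope addresses and (entry, reason) rejects.

    Every reject carries its reason so the operator sees why before any packet
    leaves the box; nothing is 'fixed up' on the operator's behalf.
    """
    ok, rejected = [], []
    for raw in targets:
        entry = raw.strip()
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:
            rejected.append((entry, "not an IP address"))
            continue
        if any(addr in net for net in scope):
            ok.append(str(addr))
        else:
            rejected.append((entry, "outside client-supplied scope"))
    return ok, rejected


def egress_rules(scope: List[ipaddress.IPv4Network], chain: str = "SCANNER_OUT") -> List[str]:
    """Render iptables rules allowing the scanner to reach only the scope.

    Assumed deployment: a dedicated chain hooked from OUTPUT on the pen-test
    machine. Loopback stays open so local tools keep working; anything else is
    logged with an OUT-OF-SCOPE prefix and dropped, so a slip that gets past
    check_targets() shows up in the log instead of on a stranger's network.
    """
    rules = [f"iptables -N {chain}",
             f"iptables -A {chain} -o lo -j ACCEPT"]
    for net in scope:
        rules.append(f"iptables -A {chain} -d {net.with_prefixlen} -j ACCEPT")
    rules.append(f"iptables -A {chain} -j LOG --log-prefix 'OUT-OF-SCOPE '")
    rules.append(f"iptables -A {chain} -j DROP")
    rules.append(f"iptables -I OUTPUT 1 -j {chain}")
    return rules


def main() -> None:
    scope = parse_scope(CLIENT_SCOPE)
    ok, rejected = check_targets(scope, HAND_TYPED_TARGETS)
    for entry, why in rejected:
        print(f"REFUSED {entry}: {why}")
    print("in scope:", ok)
    print("\n".join(egress_rules(scope)))


if __name__ == "__main__":
    main()
```

Run as-is it refuses 198.51.100.71 and 192.0.3.5 and prints the rule set for the two authorised networks; feed the scanner only the list check_targets() returns, and load the rules before the first probe rather than after.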
---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
technical IT security event.  Modeled after the famous Black Hat event in
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
Symantec is the Diamond sponsor.  Early-bird registration ends September 6. Visit: www.blackhat.com
----------------------------------------------------------------------------


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:38 EDT