RE: Odd situation, advice needed on penetration test results

From: Vitaly Osipov (wittat_private)
Date: Thu Mar 27 2003 - 00:13:23 PST

    Guys, you are missing something here. The original poster's concern was
    what to do with the 0-day exploits, rootkit and sources from security
    vendors discovered on the machine. They could simply report to all
    vendors involved, but as I understand their client does not want to be
    mentioned in relation to this. This is not a technical, but a
    legal/political situation.
    
    
    Best regards,
    Vitaly Osipov, CISSP, CCSE, CCNA
    
    
    
    
    > -----Original Message-----
    > From: Harlan Carvey [mailto:keydet89at_private] 
    > Sent: Thursday, March 27, 2003 1:02 AM
    > To: pen-testat_private
    > Subject: Re: Odd situation, advice needed on penetration test results
    > 
    > 
    > Ido,
    > 
    > > While catching this person is obviously of importance,
    > > the more critical step to take is to secure the system
    > > for forensic analysis.
    > 
    > I would agree that the system needs to be secured, but
    > what good does shutting down the system do if you
    > lose all of the volatile data, such as running
    > processes, network connections, etc?  How do you trace
    > the issue back to whomever is responsible if you don't
    > even know what IP address they're coming from, b/c
    > you've lost the volatile data?
    > 
    > > I would recommend that your
    > > client unplug the power from the system (hopefully the
    > > intruder has not set up a logic bomb that triggers if the
    > > network interface goes down).
    > 
    > I'm not sure I completely understand your reasoning
    > here.  If you unplug the power from the system, and
    > the NIC goes down (due to lack of power), wouldn't the
    > system itself shut off?  Wouldn't the hard drive stop
    > spinning and the CPU no longer process instructions?  
    > 
    > If that's the case...how's a logic bomb going to
    > execute?
    > 
    > Thanks,
    > 
    > Harlan
    > 
    > 
    



    This archive was generated by hypermail 2b30 : Thu Mar 27 2003 - 09:11:55 PST