Penetration Testing mailing list archives

Re: Looking for help against Chinese Hacking Team
From: "Jamie Riden" <jamie.riden () gmail com>
Date: Sat, 13 Dec 2008 16:35:41 +0000

2008/12/13 harveyfrank <joet () ticadvisors com>:

> We've been battling the Chinese for several months now and have gone through
> several waves of US security experts who have failed to stop them. In their
> defense, we are not on an unlimited budget and they've gotten us to a point
> where it looks as though somewhere among the site's 400 scripts is a SQL
> injection vulnerability.
>
> Automated testing by a few pen test products seems to think we're fine. We
> definitely are not.
>
> Is it possible to hire a CEH to find the Chinese-discovered vulnerability
> for a few hundred dollars? (We aren't just being cheap, we've blown our wad
> on security that hasn't worked.) Would someone with intimate knowledge of
> the latest wave of Chinese attacks be required for this job? Besides our
> first rate security team that's just been beat, I've tried the $200 pen test
> folks and they have all failed. Microsoft security help has also failed.
>
> Advice (Besides porting to Linux)? Help?

Quickest way I know would be to set up an apache reverse proxy using
mod_security - that would have blocked all of the SQL injection
attacks I've seen, and the ones I've seen described. I'm sure there is
a Microsoft way to do the same thing, but I'm more of a Linux guy. The
HTTP requests would all come to the Linux box, which would sanitise
them and pass the safe ones on to IIS.

If you've got the hardware lying around, this should only take about a
day or so setup, depending on how much experience you have with Linux.

Someone's suggesting doing it all on your IIS server by changing the
IIS port and running apache/mod_security on that, if you prefer:

Jamie Riden / jamesr () europe com / jamie () honeynet org uk
UK Honeynet Project: http://www.ukhoneynet.org/
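
The reverse-proxy arrangement described in this message, as an added example that is not part of the original post. The backend address 10.0.0.10, the host name www.example.com, the rule ids and the log path are assumptions, and the `@detectSQLi` operator needs a ModSecurity 2.x build that includes it.

```apache
# Added example: Apache + mod_security on a Linux box in front of IIS.
# Assumed values (not from the post): IIS at 10.0.0.10, site www.example.com.

LoadModule proxy_module      modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule unique_id_module  modules/mod_unique_id.so   # required by ModSecurity 2.x
LoadModule security2_module  modules/mod_security2.so

<VirtualHost *:80>
    ServerName www.example.com

    # Reverse proxy only: never relay arbitrary outbound requests.
    ProxyRequests     Off
    ProxyPreserveHost On
    ProxyPass         / http://10.0.0.10/
    ProxyPassReverse  / http://10.0.0.10/

    <IfModule security2_module>
        # Use "DetectionOnly" while tuning, review the audit log for
        # false positives across the site's scripts, then switch to "On".
        SecRuleEngine        On
        SecRequestBodyAccess On     # inspect POST bodies, not just query strings

        # Record every transaction that triggers a rule.
        SecAuditEngine   RelevantOnly
        SecAuditLog      logs/modsec_audit.log
        SecAuditLogParts ABIFHZ

        # A body the WAF cannot parse is a body it cannot inspect: reject it.
        SecRule REQBODY_ERROR "!@eq 0" \
            "id:100001,phase:2,t:none,deny,status:400,log,msg:'Request body could not be parsed'"

        # Block SQL injection patterns in parameters, parameter names and cookies.
        SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES "@detectSQLi" \
            "id:100002,phase:2,t:none,t:urlDecodeUni,deny,status:403,log,msg:'SQL injection pattern in request'"
    </IfModule>
</VirtualHost>

# The filter only helps if IIS is unreachable except through this proxy:
# firewall the IIS listener so it accepts connections from the proxy host alone.
```

The blocked entries in the audit log name the script and parameter that were targeted, which narrows down which of the site's scripts needs its query handling fixed.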
