Penetration Testing
mailing list archives
Re: Looking for help against Chinese Hacking Team
From: "Adriel T. Desautels" <ad_lists () netragard com>
Date: Tue, 16 Dec 2008 08:53:43 -0500
Great,
If he's looking to stop attacks then he needs to remove the vector
through which he is being attacked. IPS devices do not remove the
vector, they make an attempt to prevent the vector from being
accessed. While I support the use of properly configured and
maintained IPS technologies, I'd never recommend using them as a
method for remediation because they are only a method for mitigation.
Sure, mitigation is great, but it's not a fix.
With respect to your comment about creating properly designed
parameterized stored procedures, it is not "almost impossible" if you
architect things properly. You might be able to change a variable
from a 1 to a 2 which is technically SQL Injection, but it's not
usually an SQL Injection Attack that is of any use. The idea here is
to prevent SQL Injection Attacks, not to prevent people from changing
variables that should be harmless, right?
On Dec 16, 2008, at 8:32 AM, ArcSighter Elite wrote:
RaptorX wrote:
what Adriel meant was PROPERLY DESIGNED Parameterized Stored
Procedures, and I totally agree with him.
Providing a short time solution is a good idea but you have to finish
the job properly which in the case of a pen-tester would be report and
provide with a viable (permanent) solution.
I also agree partially with Sam, especially Windows systems, after
hacked it is a MUCH BETTER idea to rebuild it improving the security of
course.
Well, PROPERLY DESIGNED of course is almost impossible, but you think
this is the case? I repeat myself: he's wishing to stop the attacks, and
of course I think/hope he'll take the appropriate measures then. IMHO he
wouldn't be able to fix anything if he is constantly under attack. And
sure, Linux is the best solution, even a win port of Apache will do
better than IIS, again IMHO. Again, SQL injection could result in a host
compromise, so re-deploying would be the optimal form: ex. instead of
finding rootkits, install clean.
Adriel T. Desautels
ad_lists () netragard com
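The distinction this thread turns on, as an added example that is not part of either poster's message: a stored procedure that accepts parameters but concatenates them into dynamic SQL, next to procedures that bind them. T-SQL is assumed (the thread mentions IIS and Windows but names no database), and the table and procedure names are hypothetical.

```sql
-- Constructed schema for illustration only.
CREATE TABLE dbo.Orders (
    OrderId    INT           NOT NULL PRIMARY KEY,
    CustomerId INT           NOT NULL,
    Item       NVARCHAR(100) NOT NULL
);
GO

-- Poorly designed: the procedure takes a parameter, but builds the
-- statement by string concatenation, so the parameter's content is
-- parsed as SQL text. Being a stored procedure does not help here.
CREATE PROCEDURE dbo.GetOrders_Weak
    @Item NVARCHAR(100)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT OrderId, Item FROM dbo.Orders WHERE Item = ''' + @Item + N'''';
    EXEC (@sql);
END;
GO

-- Properly designed: a static statement with typed parameters. The
-- values are bound as data and never reach the SQL parser. A caller
-- can still pass a different @CustomerId (the "1 to a 2" case), but it
-- is only ever compared as an integer.
CREATE PROCEDURE dbo.GetOrders
    @CustomerId INT,
    @Item       NVARCHAR(100)
AS
BEGIN
    SET NOCOUNT ON;
    SELECT OrderId, Item
    FROM dbo.Orders
    WHERE CustomerId = @CustomerId AND Item = @Item;
END;
GO

-- Where dynamic SQL cannot be avoided, keep the statement text fixed
-- and pass the values through sp_executesql's parameter list.
CREATE PROCEDURE dbo.GetOrders_Dynamic
    @CustomerId INT,
    @Item       NVARCHAR(100)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT OrderId, Item FROM dbo.Orders WHERE CustomerId = @c AND Item = @i';
    EXEC sp_executesql @sql, N'@c INT, @i NVARCHAR(100)',
         @c = @CustomerId, @i = @Item;
END;
GO
```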