Dailydave mailing list archives
Re: lots of monkeys staring at a screen....security?
From: dmc () digitalapocalypse net
Date: Mon, 30 Oct 2006 18:14:16 +0100 (CET)
Indeed you would expect people to be immune and sufficiently patched against all the simplistic old attacks. However, this is not always the case and I've often seen systems during pen tests that have escaped the patching cycle. I don't think IDS/IPS systems are the be all and end all of securing your network but they are definitely not just a check in a box. For example, I performed a pen test just a few weeks ago for a large, reputable company. Said company had an IPS system in place and requested that we performed the test in both scenarios, with and without the IPS. On the companies main web site we found a subtle SQL injection, permitting SQL to be injected into a backend database. At first we were able to successfully inject some statements into the database to pull back things like version information and perform a little enumeration. However, when trying to go for the really juicy stuff like a xp_cmdshell or data from the useful tables I found my connection was continually dropped. After a number of hours fiddling around I eventually had to ask them to remove us from the IPS blacklist and in doing so we gained full access to the DMZ segment. Now, there probably is a way to bypass the IPS but in this instance the IPS correctly protected the company from a full compromise and just paid for itself. Whether or not the vulnerability should of existed in the first place is a different matter. - dmc
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Kevin Johnson wrote:Part of any defense is the ability to detect when things fail. I think that we want to throw out technology because it doesn't do everything. I see every day systems being attacked by simplistic old attacks that IDS systems can warn you about.I might be missing something, but I really don't get why we should care about all those "simplistic old attacks" - shouldn't we already be immune to them? joanna. -----BEGIN PGP SIGNATURE----- iD8DBQFFRMSxORdkotfEW84RAngOAJ0flOa4OlQTgWWbUtb83joqRp/RegCgtuHV B/EYSHkr9OyoEdxf99TAfn8= =3Q4d -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: lots of monkeys staring at a screen....security?, (continued)
- Re: lots of monkeys staring at a screen....security? Florian Weimer (Oct 29)
- Re: lots of monkeys staring at a screen....security? Paul Wouters (Oct 27)
- Re: lots of monkeys staring at a screen....security? Blue Boar (Oct 27)
- Re: lots of monkeys staring at a screen....security? Florian Weimer (Oct 29)
- Re: lots of monkeys staring at a screen....security? Kevin Johnson (Oct 29)
- Re: lots of monkeys staring at a screen....security? Joanna Rutkowska (Oct 29)
- Re: lots of monkeys staring at a screen....security? David Maynor (Oct 29)
- Re: lots of monkeys staring at a screen....security? Joanna Rutkowska (Oct 30)
- Re: lots of monkeys staring at a screen....security? Ross Brown (Oct 31)
- Re: lots of monkeys staring at a screen....security? Jan Münther (Oct 29)
- Re: lots of monkeys staring at a screen....security? dmc (Oct 30)