[Dailydave] Location Location Location

Kristian Erik Hermansen kristian.hermansen at gmail.com
Sat Oct 27 12:52:16 EDT 2007


On 10/27/07, Dave Aitel <dave at immunityinc.com> wrote:
> A common situation in our penetration tests (and yours) is that we get
> an IP range and some verbal information about it. For example: "This
> is our New Jersey Data Center".  Sometimes the IP range you get is off
> by a digit, or was mistyped, or is, in fact, a California data
> center.  For a long time now, CANVAS has had GEOIP support built in,
> so that you could avoid attacking countries you didn't want to attack,
> but now it's much much cooler...

Hehe, what's funny is that what you say is so true!  What is the
proper way to remediate a situation where say you, for instance like I
did a few weeks ago, penetrate someone else's server by accident?
Then you let the admins know about it and they say "oh crap, our
provider snatched that IP range back from us without asking -- we
don't know why!  Please ensure this ASN only..."  O_o  !!!

So now what is a pen tester to do?  There are some boxes hanging
around out there on the net pwned, but you don't want to say anything
because they weren't yours to hack in the first place!??!  What is the
proper etiquette here?  If you inform the party, maybe they will want
to sue you for damages.  On the other hand, they are vulnerable.  Who
has been in this situation before?

> CANVAS World Map Demo (flash):
> http://www.immunityinc.com/documentation/mappingbeta.html
>
> Uplink hacking game screenshot:
> http://www.uplink.co.uk/cgi-bin/screenshots.cgi?pic=uplink4.gif

Is Uplink really that cool?!!??  I tried it once, but I thought it was
pretty lame.  Maybe I didn't give it enough time to enjoy the plot...

> The point is, location matters. Both network location (we're working
> on a Visio-like scrap-pad so you can say "firewall is here") and
> physical location. For example, perhaps you have a client-side exploit
> you've spammed to thousands of people in the company, but you only
> want to own people who are not in HQ, because HQ is full of
> programmers and other IT specialists. Or perhaps you just want to
> visualize what you're doing so you can better understand where the
> problems in the network are. Location gets you when people go off of
> work, when the holidays are, and what the default language is.
>
> And it's darn pretty. :>

Good stuff dude.  And have you ever seen/used xtraceroute?  Similar
implementation...and open source!
-- 
Kristian Erik Hermansen

