Thread: Help! Need Audit Response Asap!!!

  1. #1
    Senior Member
    Join Date
    May 2004
    Posts
    140

    Help! Need Audit Response Asap!!!

    ****'s scanning process determines whether the IP address is reachable. If the IP address is reachable, more comprehensive scans are then performed. ****’s External Intrusion Testing revealed traceroute vulnerabilities on each server, and an ICMP vulnerability on the ***.***.**.*** host. These are all low-level vulnerabilities.

    Recommendation
    Prevent or limit external tracerouting into internal networks using packet filtering.

    This is from an external audit just done. There is a place for my response, but I am not sure what to say...
    Romans 7:14-20
    14 We know that the law is spiritual; but I am unspiritual, sold as a slave to sin. 15 I do not understand what I do. For what I want to do I do not do, but what I hate I do. 16 And if I do what I do not want to do, I agree that the law is good. 17 As it is, it is no longer I myself who do it, but it is sin living in me. 18 I know that nothing good lives in me, that is, in my sinful nature. For I have the desire to do what is good, but I cannot carry it out.

  2. #2
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    I think your response should be:

    I will be implementing your recommendations as soon as possible.
    Then do some research on packet filtering or ask questions here on how to configure your systems to meet their recommendations.

    Cheers:
    DjM

  3. #3
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    Did you have permission to run this audit?

  4. #4
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Cybrid: Yeah.... "That's typical auditorspeak"

    Jason:

    It sounds to me like you allow ping through the firewall to the servers in question... You shouldn't. I allow pings as far as my border router only to prove that the T1 itself is up. After that there are other ways of determining whether the boxes themselves are up. Block ping at your firewall and tell them that is what you have done. It's not foolproof but it will see if they know what they are doing. If they say "good, all fixed" never use them again. The proper way to do it would be to block ping inbound _and_ block ICMP Time Exceeded messages outbound for those that would try to use known open ports on the firewall to the servers to determine the internal structure.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  5. #5
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    Cybrid: Yeah.... "That's typical auditorspeak"
    Cool...thanks I just thought it was a random audit by someone who found vulnerabilities and doesn't know how to inform them.

    You can also try running a couple of auditing tools on your own, see if they might have missed something....after you follow Tiger's suggestion to see if they know how to tie their shoes.

    Take care.

  6. #6
    Junior Member
    Join Date
    Nov 2004
    Posts
    13
    Having been through and performed several audits, your recommendation should be something like:

    ICMP and ICMP echo will be disabled via the implementation of xxx filtering using xxx technology. We anticipate completion of these additional filters by xxx date.

    -----

    If you already have a firewall in place, just turn off all ICMP/Ping and ICMP echo inbound. Regardless of the audit findings, it's the prudent security approach anyway.

    Good luck! Failed audits have led to terminations before - especially now with SOX404 hanging out there.
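
The filtering described in post #4 (drop ping inbound, drop ICMP Time Exceeded outbound), written out as an added example that is not part of the thread. It assumes a Linux firewall using iptables and an Internet-facing interface named eth0 (both assumptions); the `run` helper and `WAN_IF`/`APPLY` variables are hypothetical names, and by default the script only prints the commands.

```shell
#!/bin/sh
# Added example (not from the thread): iptables rules for the policy in post #4.
# Assumptions: Linux firewall with iptables; WAN_IF names the Internet-facing NIC.

# Print each command by default; set APPLY=1 (as root) to execute it instead.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

icmp_policy() {
    wan="$1"
    # 1. Ping arriving from the Internet, addressed to the firewall (INPUT)
    #    or passing through it to the servers (FORWARD).
    for chain in INPUT FORWARD; do
        run iptables -I "$chain" 1 -i "$wan" -p icmp --icmp-type echo-request -j DROP
    done
    # 2. Time Exceeded leaving toward the Internet, whether generated by the
    #    firewall itself (OUTPUT) or by an internal hop (FORWARD).
    #    "-I <chain> 1" puts the rule first: conntrack classifies ICMP errors
    #    as RELATED, so an appended rule would sit behind any earlier
    #    RELATED,ESTABLISHED accept and never match.
    for chain in OUTPUT FORWARD; do
        run iptables -I "$chain" 1 -o "$wan" -p icmp --icmp-type time-exceeded -j DROP
    done
}

icmp_policy "${WAN_IF:-eth0}"
```

Only these two ICMP types are dropped; every other ICMP type is left to whatever the existing ruleset already does with it.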
