Gents,
Since I haven't seen anything like that before, I would like to open a
discussion on what problems you have caused on production environment while
performing pen-testing.

From the e-mail of our colleague Brahnda sent few days ago, I see that small
unpredictable situations might rise even when we thing everything is under
control. :)

It would be nice to hear your "issues", maybe we can use the mail thread as
a checklist in the future to not cause any chain (Butterfly effect) problems
when performing pen tests.

Below I list some unexpected situations myself and colleagues witnessed
throughout our careers, when being pen/stress-tested by third parties:

- Scanning of web application with automated tools: Some pages can contain
forms for e-mail submittal. If SQL Injection brute force attack is performed
in such a page, you can either clog a vital business mailbox with trash, or
cause a DoS if smtp relay crashes.
- Port scanning of production servers - some IP stacks are not able to
handle even "simple" port scans. Services can hang (RPC in our case). Issues
are known with AS/400, HPUX and Solaris OS.
- stress-testing using windows XP: I once got a report from a Microsoft
Certified Partner that our e-commerce website couldn't handle more than 100
connections simultaneously. After sending developers, network architects and
security specialists to verify what was happening, it was found that the
operation system used for the scan was windows XP, which couldn't handle
more than 10 connections at once... and yes, the guy was MCSE... :)

It is always good to share experiences, even the bad ones :)

Adriano

0? *?H?÷

 ?0?

10 +0? *?H?÷


 ?¥0?Î0?¶ 

¡³0
 *?H?÷


0o10 UUS10U
California10U
Burlingame10
U
DHL10USystems10U
DHL Global CA0
071114143344Z
081113143344Z0?10U
dhl.com10
Uprg-dc10 Uea10UAdriano Leite (DHL CZ)1)0' *?H?÷


Adriano.Dias.Leite (at) dhl (dot) com1 [email concealed]0
?&??ò,d

aleite0?0
 *?H?÷



0?Ðþ
rÛü=MlÙÔJß'ù[&ALP$é®1é?CøØ!ñ?$Ç?ï¯EY~_â*ÿ?½§ æO<? ü¨å@¶P£?ËÝqÒçw9>ªã¦éüh_ù6ìÜÛoâ?y×?³]¶ã_?2q­yUþ^§µÌV?±ß?ö®×X´7

£Ð0Í0 `?H
?øB

 0U

ÿà0%U0Adriano.Dias.Leite (at) dhl (dot) com0 [email concealed]
U#0?=¸î½Ü6và$QMËe»Ôp05+


)0'0%+
0
?http://amcm
s.dhl.com/ocsp0)U%"0 +
+

+

?7
0
 *?H?÷


?

??Æá³ÈÄkÊ7H;? M§*?¹@l$ãþ«±Qò?1o?#
ô,fU??Çd§°þ? w?wpQ&?Êæ$?G¿DƹpZ?xÎÅ
­QXYbç5ÒÕ»È?6Jö?dZÒ$FáÿÒ?aASIww}tzZøµÎ^tÕª??ª?Ãh  £u?­«zbjîó F7ì)©¢?zÛ]±?uþs
&å^H¨·-ä%?ååºüÀ¹ØÕÁ¢??4OX¡jü+?ócL ÐìÑ?à? ÄO5y08EáÄ?tܺöö?lL~ì§r¡!?V???0?Ï0?· 

0
 *?H?÷


0o10 UUS10U
California10U
Burlingame10
U
DHL10USystems10U
DHL Global CA0
010529070000Z
110529070000Z0o10 UUS10U
California10U
Burlingame10
U
DHL10USystems10U
DHL Global CA0?
"0
 *?H?÷



?
0?

?

±vkÞ/ÚÞ¾Ú¦?\Ùêz¸
Cnv¶N8L/Yï]½ûä?Ô%?ø?yåj?ù??ÅÈÐ???oÐ?¦E¹üðG?òñZç­,␠P¶?SÊ)?sì)¿,T?¨QÚ!Ofï]gú©ÃƸ
?eµW
æ=?
BÒ=Ê?õjq­¸h¨p?\päun§Év·»!ÂvÑÓ¸F¨üNÛ7¢ô;;!Ä";WV«?©Tʤ)ä?~J/ØRÃÃÂa6¹
óç?3Ôm\®£]
fQ½Ç±èÌ'Þg^rõNÚJÖV?M biø?lVû@?ªG+G-ÂD?̹

£v0t0 `?H
?øB

0U

ÿ0

ÿ0U=¸î½Ü6và$QMËe»Ôp0U#0
?=¸î½Ü6và$QMËe»Ôp0U

ÿ
?0
 *?H?÷


?

_V?8
??%XÌèI³ÁóG?Sr¨µ¸?Fð^ëKÔ¯c-óX?áð^Þ@$°¥ëM
¬ñÝF°çô?7Ðl?Ûw+AM1O-?ÊÎ;8?Ôɬ¡>xÖʧJ5>$óB5/@}ÍŸC%Ë?ÍñÕL?i_ã\Q¿´ÚÇù
7ÑéXH?ÄcɤTÈ??­LùµeÇíÜ*?8Æð^?Üc<;HWU*`²ø~Ì?ãbKf¹?#eIßróòK?
Z¹1o¹ö
ZºÉTqì[um ö
îYÎw?ÖäN*qêF??ϺÖ?=g?P?A;pJ?ÇZäkôô]rÉ o1?ø0?ô

0v0o10 UUS10U
California10U
Burlingame10
U
DHL10USystems10U
DHL Global CA
¡³0 + ?
Ø0 *?H?÷

1 *?H?÷


0 *?H?÷

1
080527081013Z0# *?H?÷

1c®÷©8VË:Qümûó]ö¤?0g *?H?÷

1Z0X0
*?H?÷
0*?H?÷
?0
*?H?÷

@0+0
*?H?÷

(0+0
*?H?÷
0? +

?71x0v0o10 UUS10U
California10U
Burlingame10
U
DHL10USystems10U
DHL Global CA
¡³0?*?H?÷

1x v0o10 UUS10U
California10U
Burlingame10
U
DHL10USystems10U
DHL Global CA
¡³0
 *?H?÷



???NØ5Û&(Äá)J¸J¨ïÛú¯ED?µ±?Æ×pSFëÉûNÐ?Ø?XZ@ÝñÍme-·?ioÓ
�
?î hü(3¶?ó=ì?§6'2áoÖq¢ñÕ%ÓÕwìA?ÒÉ?¿KR??Ù±]¾??$¶{ÿa´
${n×Lùê$?k

[ reply ]