I have a client who's done the right thing: they've broken out their test environment from their production environment. The production environment is in a colocation facility, and uses a different firewall. The test environment is in the office location, and shares the office subnet and the office firewall. So sort of the right thing, they're moving in the right direction - I would have given the test lab its own firewalled DMZ subnet.
You'd be surprised what a full port scan might find - those issues we're stuck with on open ports on home firewalls (https://isc.sans.edu/forums/diary/Scans+Increase+for+New+Linksys+Backdoor+32764+TCP+/17336 and https://isc.sans.edu/diary/Exposed+UPNP+Devices/15040 for instance) would have been caught a long time ago if more folks scanned their infrastructure from the untrusted outside network! Mind you, typically home users never patch their firewalls anyway, so all those open PNP and other backdoor ports are with us for the long haul now.
Rob VandenBrink, ISC Handler, Feb 10th 2014
Were they attempts to connect on 3389, or actual established authenticated sessions? Either way I wouldn't be happy, but they are significantly different.
Anonymous, Feb 11th 2014
I find the Chinese attempts to "hack" open ports relatively half-hearted. Rarely does a Chinese IP try to seriously brute-force a password. Maybe a Chinese reader can verify this, but I suspect a standard cybersecurity syllabus is being taught widely in junior colleges, etc., countrywide. The probes come from IP blocks "from everywhere" in China. Although they could come from a bot net as well, but a bot net that's largely concentrated inside the country.
I think they're doing both themselves and the rest of the world a favor with these basic obvious probes - they learn cybersecurity, and maybe all of us learn to configure and tune our IDS techniques. It would be interesting to snare one of these probes with a honeypot and see what they are after, if anything. "Free Pen Tests from our friends in China"!
Anonymous, Feb 11th 2014