24772433 (Participant), July 20, 2012 at 1:42 pm, #7725
I have a question which I hope you can answer from drawing on your own experience or knowledge.
Have you come across any security safe-guards, implemented by your ISP, which have impacted or even prevented your remote scans for the purpose of conducting an authorised pentest?
My ISP (Sky) has an AUP which, as I understand it, allows ‘authorised’ scans:
“You must not use Sky Broadband to violate Sky Network’s security or any third party’s system or network security by any method including:
• unauthorised access to or use of data, systems or networks, including any attempt to probe, scan or test the vulnerability of a system or network;”
Do ISPs generally block traffic such as Nmap packets, or is that left to the end user to employ IDS, etc.?
Triban (Participant), July 21, 2012 at 11:07 am, #48209
Well, for the most part it covers their side. They have now washed their hands of whatever you decide to do with their connection. Notice the mention of “authorised scans.” If you are conducting an authorised pentest, as in the client hired you to do it and they signed a contract giving you permission to hit their network from the outside, then you are performing authorised work. Now what I would recommend is that you do this from a static IP, possibly a business-class IP. This way you can inform your client that you will be coming in from a particular IP range so they don’t freak out when their firewalls and IPSes start going off because you tripped an alert. Almost all major ISPs have an AUP, and it gives them the right to terminate your contract with them in the event you are found performing unauthorised activity against them or a third party. It is assumed that if you are a professional pen tester, your client has given you that authorisation and you can produce the documents proving it in the event you get reported by another party.
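The advice above (scan from a static range you have declared to the client, against targets the contract actually covers) is easy to get wrong on the day, so here is a small pre-scan gate as an added example. It is not code from this thread or from any ISP or scanner; the CIDRs are constructed from documentation ranges, the function names are my own, and the public egress address is passed in rather than looked up, so the script does no network I/O.

```python
"""Pre-scan rules-of-engagement gate (added example, not from the thread).

Before launching an external scan, check that (1) the public IP the scan
will leave from is inside the source range declared to the client and
(2) every target is wholly inside the contracted scope. Either failure
blocks the scan; the reasons are returned so the tester can fix the setup
before any packets leave. All addresses below are constructed examples.
"""
import ipaddress
from typing import Iterable, List

# Hypothetical engagement data: the static business range you told the
# client you would scan from, and the scope they put in the contract.
DECLARED_SOURCE_RANGES = ["203.0.113.0/29"]              # TEST-NET-3, constructed
CONTRACT_SCOPE = ["198.51.100.0/24", "2001:db8:10::/48"]  # constructed


def _networks(cidrs: Iterable[str]):
    """Parse a list of CIDR strings into ip_network objects."""
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def egress_in_declared_range(observed_ip: str,
                             declared: Iterable[str] = DECLARED_SOURCE_RANGES) -> bool:
    """True if the observed public egress address lies in a declared source range.

    `observed_ip` is whatever you learned out-of-band (your ISP's static
    allocation, or an external 'what is my IP' check done beforehand).
    """
    ip = ipaddress.ip_address(observed_ip)
    return any(ip in net for net in _networks(declared))


def out_of_scope_targets(targets: Iterable[str],
                         scope: Iterable[str] = CONTRACT_SCOPE) -> List[str]:
    """Return the targets (single hosts or CIDRs) not wholly inside the scope."""
    scope_nets = _networks(scope)
    bad = []
    for t in targets:
        net = ipaddress.ip_network(t, strict=False)
        # A target is in scope only if some scope network of the same IP
        # version contains all of it; a /23 is NOT covered by a /24.
        if not any(net.version == s.version and net.subnet_of(s) for s in scope_nets):
            bad.append(t)
    return bad


def preflight(observed_egress_ip: str, targets: Iterable[str],
              declared: Iterable[str] = DECLARED_SOURCE_RANGES,
              scope: Iterable[str] = CONTRACT_SCOPE) -> List[str]:
    """Collect every reason the scan must not start; an empty list means go."""
    reasons = []
    if not egress_in_declared_range(observed_egress_ip, declared):
        reasons.append(
            f"egress {observed_egress_ip} is outside the declared source range(s) "
            f"{', '.join(declared)}; the client's IDS will treat it as an unknown attacker")
    for t in out_of_scope_targets(targets, scope):
        reasons.append(f"target {t} is outside the contracted scope")
    return reasons


if __name__ == "__main__":
    # Constructed run: egress is inside the declared /29, but one target is out of scope.
    problems = preflight("203.0.113.2", ["198.51.100.10", "198.51.100.0/25", "192.0.2.7"])
    if problems:
        for p in problems:
            print("BLOCKED:", p)
    else:
        print("OK to scan")
```

Wire `preflight()` in front of whatever launches the scan (a wrapper around `nmap`, for instance) and refuse to proceed on a non-empty list. The egress check matters most on a dynamic residential connection, where the address you declared last week may not be the one you are scanning from today.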
RoleReversal (Participant), July 21, 2012 at 10:40 pm, #48210
I actually had this conversation with Sky when considering switching to them myself. I was informed that authorised testing was ‘probably’ okay, but from their legal and contractual obligations ‘anything’ identified as malicious is a violation of contract and could potentially result in loss of service.
From my knowledge of the ISP market in the UK (and, to a lesser extent, further afield), I’d be surprised if they had monitoring on the connections to this degree (or at least they don’t act on the information), and any investigation into violation of the AUP is likely reactive, if and when a complaint is received. The price point of broadband in the UK doesn’t make it cost-effective for ISPs to be that proactive.
That said, the information that I received from them meant I personally went elsewhere for my network connection. Personally, I don’t want to have to explain to a client that I can’t fulfil a contract as agreed because my ISP has cut me off. You’re ‘probably’ safe performing scans over Sky, but if you’re performing business-level assessments and services, then you should be utilising a business-grade connection; the price difference isn’t too extreme.
Hope this helps, (and let me know if you need a good business ISP 😉 )
24772433 (Participant), July 22, 2012 at 8:06 pm, #48211
Andrew, who would you recommend for business-grade broadband in the UK?
RoleReversal (Participant), July 23, 2012 at 7:53 am, #48212
Steve, PM sent; didn’t want the forum post to turn into a (biased) advert 😉