Vulscan/Pentest over WAN – ISP issues?

    • #7982
      carbonated
      Participant

      Hi there,

      I received a request from a colleague to run some vulnerability scans on a public-facing box he’s about to go live with. He is 100% willing to write me a formal letter of request to perform the scans, and specify the extent of the testing authorized. However, I’m wondering what the best practice is when doing this from a residential ISP. Are there friendly cloud/VPS providers you’d suggest? Is this type of thing allowed by ISPs without violating the ToS? My fear is that I’ll start some basic scanning and have my internet access shut off, and have it take a while to sort out by presenting the proper authorization documents to the ISP. Any help is appreciated!

    • #50683
      m0wgli
      Participant

      Once you have obtained written permission from the explicit owner of the box, consult with your ISP. Ultimately, they are the only ones who will be able to tell you if you are violating their ToS.

    • #50684
      MrTuxracer
      Participant

      I agree with m0wgli. Most of the providers have a “compliance with all laws” part in their ToS which basically says that you have to take care of all applicable laws and regulations from the country of your provider and your country. So your best bet would be to ask your provider directly.

    • #50685
      carbonated
      Participant

      Thanks folks. I spoke with a representative with Time Warner Cable; he told me that this is NOT a violation of ToS and is “absolutely okay” as long as it’s done with consent, and isn’t being done maliciously. He was even nice enough to email me a summary of our discussion “just in case.”

    • #50686
      dynamik
      Participant

      You might want to also check if they block any traffic on their residential connections (you may not get an entirely honest answer here though).

      For example, an ISP may only allow 80 and 443 inbound for business accounts. Was a service not vulnerable to an exploit, or did your reverse shell fail because that traffic was silently blocked by your ISP?

      If you don’t want to go the business account route, check out http://www.arpnetworks.com/ for an affordable VPS.
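An added check (not from the thread) for the ambiguity dynamik raises: before reading a timeout against the target as "not vulnerable", probe a control host you operate that is known to listen on the same ports, from the same residential connection, and only trust the target result when the control host answers. The control host is assumed; here it is replaced by a constructed loopback listener, and the port 4444 results are constructed too.

```python
import socket

_LISTENERS = []  # keeps demo listeners alive (not garbage-collected)

def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """TCP connect probe: 'open' (handshake done), 'refused' (RST came back,
    so a host answered), 'filtered' (nothing came back before the timeout)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, OSError):
        return "filtered"
    finally:
        s.close()

def classify(target: dict, control: dict) -> dict:
    """Per-port verdict. `control` holds probe results, from the same vantage
    point, for a host you run that is assumed to listen on every listed port."""
    verdict = {}
    for port, t in target.items():
        if control.get(port) != "open":
            verdict[port] = "inconclusive: control host unreachable too, suspect upstream/ISP filtering"
        elif t == "open":
            verdict[port] = "open on target"
        elif t == "refused":
            verdict[port] = "closed on target (RST received)"
        else:
            verdict[port] = "filtered near the target (control reachable, so not your uplink)"
    return verdict

def start_listener() -> int:
    """Constructed stand-in for the control host: loopback listener on a free port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    _LISTENERS.append(srv)
    return srv.getsockname()[1]

def closed_port() -> int:
    """A loopback port that should be closed: bind to get a number, then release it."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port
```

In a real run, `probe` is pointed at the VPS (control) and the target for the same port list, and `classify` turns the two result sets into per-port verdicts.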

    • #50687
      BillV
      Participant

      I agree with the above comments.

      You may also want to check VPSCOLO for cheap VPS options. I pay about $50/year with them. They didn’t have any problem with me doing any sort of testing.

    • #50688
      tturner
      Participant

      @ajohnson wrote:

      If you don’t want to go the business account route, check out http://www.arpnetworks.com/ for an affordable VPS.

      I really am not a fan of VNC for any systems I am storing sensitive data on … 🙁

      I do like their prices though, am currently using https://www.linode.com/ 1024 w/backup now and that winds up running me about $15 more a month than arpnetworks. I’ve been very happy with their service but this discussion prompted me to look for some other cheaper options. I used the hackingmachines BT5 VPS for a while and am technically still a customer but there’s no management and it’s really expensive.

    • #50689
      dynamik
      Participant

      @tturner wrote:

      I really am not a fan of VNC for any systems I am storing sensitive data on … 🙁

      Was that a typo for VPS, or are you referring to the VNC management? You can upload SSH keys over HTTPS and use VNC over an SSH tunnel.

      Regarding VPSes in general, you can implement disk encryption, change root passwords, and implement any other control or hardening procedure. With that level of control, I don’t see it being any less secure than colocating a server.

      Also, aside from network-intensive activities like nmap scans, I primarily use it as a proxy. This is especially true for GUI tools like Burp that I’d rather run locally.

    • #50690
      rattis
      Participant

      @tturner wrote:

      I do like their prices though, am currently using https://www.linode.com/ 1024 w/backup. … I’ve been very happy with their service but this discussion prompted me to look for some other cheaper options.

      I’ve got the same without backup. One thing I have been really impressed with is their security responses. I’ve had a few automated SSH brute-force attacks hit my server from other Linode customers. They have been very prompt to respond.

    • #50691
      tturner
      Participant

      @ajohnson wrote:

      @tturner wrote:

      I really am not a fan of VNC for any systems I am storing sensitive data on … 🙁

      Was that a typo for VPS, or are you referring to the VNC management? You can upload SSH keys over HTTPS and use VNC over an SSH tunnel.

      Yeah, I was referring to VNC for console access. Have not used their service so was not sure how much control you had over the console (assumed it was shared) to lock down VNC, but not sure why they wouldn’t use something like nxserver to shovel X11 over SSH. It’s a much more secure config in my opinion. It’s not free, but neatx or freenx implement the GPL’d libraries from the commercial version and work just as well. I use FOSS nxserver versions (usually freenx) with the commercial client (also free) and find it to be a much better way to manage via GUI.

    • #50692
      dynamik
      Participant

      VNC is used for out-of-band management, so you can get into the BIOS, etc. As I mentioned before, you can tunnel that over SSH.

      Whether you install the OS yourself, or go with one of their default builds, you can install whatever software you want and use that. You’re not required to use VNC for remote administration.

Copyright ©2021 Caendra, Inc.