Reputation filtering can boomerang on you when doing penetration testing

By /

Automating as many processes as possible reduces the time and effort that we have to put into our jobs – but sometimes it also results in unintended consequences. A feature in some IPS systems is “reputation filtering.”  It works by reporting the originating IP address of a detected attack to a reputation service. The address is added to the service’s database, and a score assigned to the IP address. Traffic from addresses that cross a specified score threshold is blocked by the IPS.

That’s all well and good, except when we deliberately attack our own or our clients’ networks as part of penetration testing. If those attacks are detected and your address gets into the database, you may find yourself with a problem. That’s the topic of this post, New Risks in Penetration Testing, by Rob VandenBrink:

http://isc.sans.org/diary.html?storyid=8287&rss

About The Author

Debra Littlejohn Shinder is a technology and security analyst and author specializing in identity, security and cybercrime, utilizing her past experience as a police officer and police academy/criminal justice instructor. She has written numerous books and articles for web and print publications and has been awarded the Microsoft MVP designation for fourteen years in a row.

Read Next

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top