The stuff posted in this site is about as close as you can get to having the real thing hit your website. Mostly, this stuff is benign. Occasionally, there are things in a post that if you were to copy and paste them in the right context you could potentially damage yourself, someone else, or both. With that being said, let’s all be grown-ups about this and not shoot our own feet. Sound good?
I’m not going to provide every step of the path that will take you from script kiddie to Ub3r-l33t-Haxx0r. Primarily, I don’t *know* the steps to get you there. I derive a lot of joy in looking through these attacks and seeing how they work. If I can raise some awareness about the kinds of attacks I’m seeing, hopefully it’ll raise the level of healthy paranoia and people will do more to secure their systems (patch & protect, folks..) While showing off some of the things seen coming into this site, a person could probably grab copies of these tools and launch an attack against a fellow human. All I can say is, *you are on your own*. I am not making you do it. You own your actions, not me. When the feds come knocking on your door, the “Attack of the Day made it look easy, so I did it” isn’t going to be a very compelling defense.
TLDR – You are responsible for your own actions. Don’t be stupid.
What this Project is All About
The first batch of posts I did for this project was really about filling up space on this website. It was initially like “Brad Stories” in that I needed stuff in this site so I could test things against it. After casually mentioning this to a co-worker, they loudly exclaimed the brilliance of the idea and I was all like, “Well yeah, that’s totally why I was telling you… It’s brilliant, right?” *ahem* At any rate, it’s good that he saw value in the idea because it encouraged me to continue. Really, we’re just trying to accomplish a couple of things:
- Show the actual attack as seen by the device so other people can hopefully benefit.
- Provide a high-level walk through of the attack using the actual attack as an example.
- Teach myself about different attacks in the process.
- Raise the level of healthy paranoia for people that are outside of the security space.
- I saw a tweet about this not too long ago.. Wish I could find it for attribution, but it was something like, “The bad part about security conferences is that one is left with the impression that the world is collapsing around you”
- *Occasionally* point out why the product used in this lab does something very well or very poorly. This certainly will NOT be a commercial.
What this Project is NOT About
- We are NOT about busting people perpetrating these attacks..
- We are NOT hunting down the attacks and notifying the affected parties..
- We are NOT doing in-depth analysis of each attack to build new mitigation techniques
- We are NOT directly making any money from this.. (I am in security sales, however)
- We are NOT a security research company looking for the next big 0day. We are simply “reporting the news”, as it were. Our news just happens to be a little more in depth than what you might find on CNN (most times, at least).
I’ve been doing security type things on and off for a long time. This is purposefully vague to not reveal true age.. I’m old, let’s just leave it at that. As a part of my current day job, I am the technical part of a team that sells a web app firewall product, among other things. While learning more about this specific product, I began to better understand just how much I did not know about Web Application security.
Twitter: @routerjockey – I see this often, but rarely post.
Email: brent .a.t. planetspork d.o.t com – I do read this most days.
Frequently Asked Questions
Well, there haven’t been many yet. Based on the type of content posted so far, I can predict at least one question. As more come in, they will be added to the list.
Q: Hey.. You’ve posted about an IP that I own. I’m scared that you’ve written it down for all the wily hackers to see and use. Please remove it.
A: Probably not going to happen, for a couple of reasons.
- Your IP address is already known by the wily hackers. IPv4 is a very finite list of addresses and bots are scanning them *all the time*. The fact that it was written down here has ZERO effect on the number of attacks against your site.
- If you have a website then your information is already out there. It’s in DNS and in the whois database, at the bare minimum. See reason #1.
If you believe that having your IP address/business name listed here is negatively impacting your business image, then please provide evidence of such damage and I’ll *consider* redacting the offending information in the post.
Q: Who do you work for? What product do you use?
A: I work for F5. Things written at Planetspork are the thoughts or ideas of Brent Imhoff. I speak for myself, not F5. They have their own opinions of how things work. Knowing where I work, you can probably derive which products I may or may not be using.. 🙂