ministryofjustice / nvvs-devops

Documentation for the NVVS DevOps Team
https://ministryofjustice.github.io/nvvs-devops
MIT License

Investigate sentry alert #607

Open tomwells98 opened 8 months ago

tomwells98 commented 8 months ago

What: We need to investigate the NAC Sentry alert that was triggered in our Slack channel https://mojdt.slack.com/archives/C04MN9N2ZKN/p1705674812352639

juddin927 commented 8 months ago

ActionDispatch::Cookies::CookieOverflow

HomeController#index

New Level: Error ActionDispatch::Cookies::CookieOverflow (ActionDispatch::Cookies::CookieOverflow)

https://ministryofjustice.sentry.io/issues/4890955616/?project=6043910&query=is%3Aunresolved&referrer=issue-stream&stream_index=0

jamesgreen-moj commented 7 months ago

After reviewing the logs, I have found that an actor of unknown origin attempted to compromise the NACS admin service using the method known as "stack based buffer attack": https://www.rapid7.com/blog/post/2019/02/19/stack-based-buffer-overflow-attacks-what-you-need-to-know/

Given that this attack was followed by a 401 unauthorised, I concluded the attack was unsuccessful.

To prevent this from happening in the future, we need to review our WAF rules for the NACS Admin & DNS-DHCP Admin. I will create a ticket for this: https://dsdmoj.atlassian.net/browse/ND-104

jamesgreen-moj commented 7 months ago

log-events-viewer-result.csv.txt