Open tomwells98 opened 8 months ago
ActionDispatch::Cookies::CookieOverflow
HomeController#index
New Level: Error ActionDispatch::Cookies::CookieOverflow (ActionDispatch::Cookies::CookieOverflow)
After reviewing the logs, I have found that an actor of unknown origins attempted to compromise the NACS admin service using the method known as "stack based buffer attack". - https://www.rapid7.com/blog/post/2019/02/19/stack-based-buffer-overflow-attacks-what-you-need-to-know/
Given that this attack was followed with a 401 unauthorised, I concluded the attack was unsuccessful.
To prevent this from happening in the future we need to review our WAF rules for the NACS Admin & DNS-DHCP Admin. I will create a ticket for this: https://dsdmoj.atlassian.net/browse/ND-104
What: We need to investigate the NAC sentry alert that was triggered in our slack channel https://mojdt.slack.com/archives/C04MN9N2ZKN/p1705674812352639