Re: We've been compromised, now what...

From: Eirik Seim (eirik@mi.uib.no)
Date: 05/29/02


From: eirik@mi.uib.no (Eirik Seim)
Date: 29 May 2002 11:23:02 GMT

On Tue, 28 May 2002 17:32:34 -0400, HC wrote:
>

[snip]

> > I ran Steve Gibson's probe test and didn't see anything out of the
> > ordinary.
>
> Port scanning the system from the outside is a complete waste of time.

While Steve Gibson's probe test (or anything from him, really) is a
complete waste of time, port scanning the system from the outside is
in fact very useful.

It is wise to know what external intruders can find out about your
systems over the internet. You can of course check your servers and
routers, and make a qualified guess at what an external intruder will
see, but it is useful to actually _know_. Also, the port scanning
should trigger alerts, or at least be logged, so performing this
yourself makes sure this works.

- Eirik

-- 
New and exciting signature!
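
The post's closing point, that a scan you run against yourself should show up in your logs or alerts, can be checked mechanically. The following is an added example, not part of the original post: it compares the ports you probed with what the firewall log recorded, assuming iptables-LOG-style lines; the addresses, the sample log and the `alert_threshold` parameter are constructed for illustration.

```python
import re

# Constructed sample, trimmed, in the style of Linux iptables LOG lines (assumed format).
# 192.0.2.10 is our own scanning host; 198.51.100.5 is the server we scanned.
SAMPLE_LOG = """\
May 29 11:20:01 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40001 DPT=21 SYN
May 29 11:20:01 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40002 DPT=22 SYN
May 29 11:20:01 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40003 DPT=23 SYN
May 29 11:20:02 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP SPT=51515 DPT=80 SYN
May 29 11:20:02 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40004 DPT=25 SYN
May 29 11:20:02 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40006 DPT=443 SYN
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")


def logged_ports(log_text, scanner_ip, target_ip):
    """Return the TCP destination ports the log recorded for scanner -> target."""
    seen = set()
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if (f.get("SRC") == scanner_ip and f.get("DST") == target_ip
                and f.get("PROTO") == "TCP" and f.get("DPT", "").isdigit()):
            seen.add(int(f["DPT"]))
    return seen


def audit_self_scan(log_text, scanner_ip, target_ip, probed_ports, alert_threshold=5):
    """Compare the ports we probed with the ports the log shows.

    'missing' lists probes that left no log entry (a logging gap).
    'would_alert' is True when the logged distinct-port count reaches
    alert_threshold, a hypothetical rule for "this source is port scanning".
    """
    probed = set(probed_ports)
    seen = logged_ports(log_text, scanner_ip, target_ip) & probed
    return {
        "logged": sorted(seen),
        "missing": sorted(probed - seen),
        "would_alert": len(seen) >= alert_threshold,
    }


if __name__ == "__main__":
    report = audit_self_scan(SAMPLE_LOG, "192.0.2.10", "198.51.100.5",
                             [21, 22, 23, 25, 80, 443])
    print(report)
```

In the constructed log the probe of port 80 left no entry, the kind of gap that appears when accepted traffic is never passed to a logging rule.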