Re: We've been compromised, now what...

From: HC (keydet89@yahoo.com)
Date: 05/30/02


From: HC <keydet89@yahoo.com>
Date: Wed, 29 May 2002 22:51:58 -0400


> While Steve Gibson's probe test (or anything from him, really) is a
> complete waste of time, port scanning the system from the outside is
> in fact very useful.
>
> It is wise to know what external intruders can find out about your
> systems over the internet. You can of course check your servers and
> routers, and make a qualified guess at what an external intruder will
> see, but it is useful to actually _know_. Also, the port scanning
> should trigger alerts, or at least be logged, so performing this
> yourself makes sure this works.

While this is true for performing a vulnerability analysis of a system,
it's a complete waste of time for an already-compromised system. Port
scanning leads to too much ambiguity...this can be easily seen over on
the Incidents list at SF. A much better use of time and resources is to
perform a process-to-port mapping, in order to determine which
application is using which port. This way, there is no ambiguity,
guessing, or speculation. This is extremely important when you consider
the fact that most trojans are configurable as to which port they use.
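
An added example, not part of the original post: process-to-port mapping sketched for a Linux host, which is an assumption since the post names no operating system or tool. It joins IPv4 TCP listeners from /proc/net/tcp to the owning PID and executable; the function names and the sample table are constructed for illustration.

```python
import os

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   1: 0100007F:7A69 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 22222 1 0000000000000000 100 0 0 10 0
   2: 0A00000F:0016 0A000002:C350 01 00000000:00000000 00:00000000 00000000     0        0 33333 1 0000000000000000 100 0 0 10 0
"""

def parse_listeners(proc_net_tcp_text):
    """Return {socket_inode: (ip, port)} for IPv4 sockets in LISTEN state (st == 0A)."""
    listeners = {}
    for line in proc_net_tcp_text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 10 or fields[3] != "0A":
            continue
        hex_ip, hex_port = fields[1].split(":")
        # On little-endian hosts the address is printed byte-reversed.
        octets = [str(int(hex_ip[i:i + 2], 16)) for i in (6, 4, 2, 0)]
        listeners[fields[9]] = (".".join(octets), int(hex_port, 16))
    return listeners

def socket_owners(proc_root="/proc"):
    """Return {socket_inode: [(pid, exe_path), ...]} from each process's fd links."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            exe = os.readlink(os.path.join(proc_root, pid, "exe"))
            links = [os.readlink(os.path.join(fd_dir, fd)) for fd in os.listdir(fd_dir)]
        except OSError:
            continue  # process exited, or we lack privilege to inspect it
        for link in links:
            if link.startswith("socket:["):
                owners.setdefault(link[8:-1], []).append((int(pid), exe))
    return owners

def map_ports(listeners, owners):
    """Join both tables; a listener with no visible owner is kept, with pid None."""
    rows = [(port, ip, pid, exe) for inode, (ip, port) in listeners.items()
            for pid, exe in owners.get(inode, [(None, None)])]
    return sorted(rows, key=lambda r: r[:2])

if __name__ == "__main__":
    with open("/proc/net/tcp") as f:
        live = parse_listeners(f.read())
    for port, ip, pid, exe in map_ports(live, socket_owners()):
        print(f"{ip}:{port}\tpid={pid}\t{exe or 'owner not visible'}")
```

Run as root so that every process's fd directory is readable. On a host that is already compromised, the /proc view itself may have been tampered with, so treat the output as one data point.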


