Sean Boyle wrote:
>
> Actually, execs like to see an immediate threat. If you start recording
> some of the 'bad' traffic being directed your way, compile it into a
> reasonable report (foils), you'll probably get further. Risk is a
> difficult thing to demonstrate to those who don't believe it exists for
> them, that is, unless the person expressing concern over the risk is a
> stockholder or the press.
Excellent suggestion!!!! Make sure you resolve the DNS names and
make it a point to show the (indicated) source countries too.
The wide distribution of scans and probes will really open some eyes.
Also, demonstrate Back Orifice or some other remote trojan showing
a screen, keylogs, etc. and have them imagine its on the payroll
administrator's PC.
Finally, if they ask for more proof, get or write a scripted exploit
(a DoS will probably do) and run it at a scheduled time making sure
they understand a 15 year old on the other side of the world is
capable of doing the same thing.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
