Re: ICMP floods
From: Alfred Perlstein (bright@wintelcom.net)
Date: 02/19/01
- Next message: Poul-Henning Kamp: "Re: ftpd's read-only mode"
- Previous message: Andy Kim: "ICMP floods"
- In reply to: Andy Kim: "ICMP floods"
- Next in thread: Thomas Cannon: "Re: ICMP floods"
- Reply: Thomas Cannon: "Re: ICMP floods"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 19 Feb 2001 13:20:29 -0800 From: Alfred Perlstein <bright@wintelcom.net> To: Andy Kim <andy@internetesl.com>
* Andy Kim <andy@internetesl.com> [010219 13:18] wrote:
> Some of the servers have been getting hit several times with ICMP
> floods from our FreeBSD server and we can't figure out why. They
> believe that someone had hacked in and put a trojan on our box.
> Is there any way of finding out what's going on and more importantly,
> how to fix the problem? Any help would be greatly appreciated as
> I am rather new to FreeBSD.
First off, please wrap lines at 70 characters.
As far as "recovering" this machine, your best bet is to do a backup
of all the _data_ (NOT executables) on the mahcine, ie, html, or
whatever, then do a complete reinstall. Otherwise you risk a
backdoor remaining in the system and wasting even more of your time
and reasources.
-- -Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org] "I have the heart of a child; I keep it in a jar on my desk." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
- Next message: Poul-Henning Kamp: "Re: ftpd's read-only mode"
- Previous message: Andy Kim: "ICMP floods"
- In reply to: Andy Kim: "ICMP floods"
- Next in thread: Thomas Cannon: "Re: ICMP floods"
- Reply: Thomas Cannon: "Re: ICMP floods"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
