Re: unknown process
From: Peter Pentchev (roam@orbitel.bg)
Date: 04/19/01
- Next message: Rasputin: "Re: unknown process"
- Previous message: Dag-Erling Smorgrav: "Re: unknown process"
- In reply to: Dag-Erling Smorgrav: "Re: unknown process"
- Next in thread: Rasputin: "Re: unknown process"
- Reply: Rasputin: "Re: unknown process"
- Reply: Dag-Erling Smorgrav: "Re: unknown process"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 19 Apr 2001 12:39:15 +0300 From: Peter Pentchev <roam@orbitel.bg> To: Dag-Erling Smorgrav <des@ofug.org>
On Thu, Apr 19, 2001 at 11:31:26AM +0200, Dag-Erling Smorgrav wrote:
> "David G. Andersen" <dga@pobox.com> writes:
> > You've been hacked. Do what Kris said immediately - take your
> > system offline, and figure out how they got in. You'll likely
> > need to either restore from backups, a fresh install, or check
> > your tripwire/etc logs to determine what else the intruder
> > changed, if they installed a rootkit, etc.
>
> It's not either/or. The only acceptable solution to this situation is
> a complete reinstall from a trusted source (e.g. original CD set).
..and during the install, examine your backups - people have been known
to restore systems from backup, only to find out that the intrusion had
happened *before* the backup; sometimes there are months and months of
accurately backed up backdoors and stuff.
G'luck,
Peter
-- Thit sentence is not self-referential because "thit" is not a word. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
- Next message: Rasputin: "Re: unknown process"
- Previous message: Dag-Erling Smorgrav: "Re: unknown process"
- In reply to: Dag-Erling Smorgrav: "Re: unknown process"
- Next in thread: Rasputin: "Re: unknown process"
- Reply: Rasputin: "Re: unknown process"
- Reply: Dag-Erling Smorgrav: "Re: unknown process"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
