Re: Have I been kitted?
From: Patrick Andry (pandry@wolverinefreight.ca)Date: 06/12/02
- Previous message: Matthew Berg: "Re: Have I been kitted?"
- In reply to: Terry Browning: "Have I been kitted?"
- Next in thread: Ben Boulanger: "Re: Have I been kitted?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 12 Jun 2002 08:33:53 -0400 From: Patrick Andry <pandry@wolverinefreight.ca> To: focus-linux@securityfocus.com
You should probably re-install, but if it's at all possible, keep the
box around and try to figure out a number of things:
How the attacker got in.
What Rootkit was installed.
What did the rootkit do (transfer files, create a backdoor, etc..)
Who the attacker was.
Just putting the box back up from source media won't do any good if the
source media has a security hole in it.
Does anyone know of any processes which are hidden by design from ps,
but are not trojans/malware?
> What is the best strategy for dealing with an LKM kit? Reinstall
> linux from CD or try to remove it?
>
- Previous message: Matthew Berg: "Re: Have I been kitted?"
- In reply to: Terry Browning: "Have I been kitted?"
- Next in thread: Ben Boulanger: "Re: Have I been kitted?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
