Re: compromised network
From: Alvin Oga (alvin.sec_at_Virtual.Linux-Consulting.com)
Date: 12/30/03
- Previous message: Kelly Martin: "SecurityFocus new article announcement"
- In reply to: Raoul Armfield: "RE: compromised network"
- Next in thread: Yvan Boily: "RE: compromised network"
- Reply: Yvan Boily: "RE: compromised network"
To: armfield@amnh.org (Raoul Armfield)
Date: Mon, 29 Dec 2003 17:02:00 -0800 (PST)
hi ya
> Best bet is to reinstall OS and software from known good media and
> restore data from backups
i say ... reinstall is about the worst possible thing to do
what you want to ( need/should ) do as you notice a hacked box ...
- you should know who hacked your box
- you should know how they got in
- you should know what other machines they attempted to break into
- you should know when they come in
- you should know who else has access to your box
- you should know why they got into your box
- you should know how to stop them from coming in again
- you should know when the 1st time they got in ... and how many times
they got in
if you don't know any of the above, hire someone or find the
security dude at your isp and tell him your box at ip# 1.2.3.4
is hacked and they can answer all of the above questions for you
after the security dude says they have all they need,
then you can either erase the disk and re-install and fix
the hole and/or you have to leave the machine alone as evidence
for trial
c ya
alvin