Re: Hacker on my system ?
- From: Chuck <skilover_nospam@xxxxxxxxxxxxxx>
- Date: Mon, 30 Oct 2006 18:54:35 GMT
Nico wrote:
Chuck wrote:

Who's to say the format utility isn't compromised as well? I'd boot from
a CD-ROM (something non-writable) and do the format from there.

That's how you normally reformat the / partition, where core software
lives.

Now, I'd invest in a second disk if feasible, install the new OS on the
second disk with only critical text configuration files brought over
from backup, very, very carefully, and set aside the first disk for
examining as a spare drive in a safe environment (such as booting from
a Knoppix LiveCD) to apply some analysis to it and look for traces in
the logs.

Assume also that every password and account on that system has been
sniffed and cracked: if you haven't been paying attention to how to
protect your systems from an attack from the inside, you are now very
vulnerable to any accounts that existed on that system.

IOW change all passwords.

If there were any unencrypted private keys stored on the box assume they
are now compromised. Remove the corresponding public key from all
servers immediately and generate new keypairs. This goes for SSH as well
as PGP and GnuPG.
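
The key-removal step above, as an added example that is not part of the original post: a Python sketch that strips a compromised SSH public key from an `authorized_keys` file by comparing the decoded key blob, so entries whose comment was changed or that carry an options prefix are still caught. The function names and the sample keys are constructed for illustration; the fingerprint is the SHA256 form that current OpenSSH prints with `ssh-keygen -lf`.

```python
import base64, binascii, hashlib, struct

KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")

def key_blob(line):
    """Decoded key blob from a .pub or authorized_keys line, else None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    tokens = line.split()
    # Options may precede the key type, so search for the type token.
    for i, tok in enumerate(tokens[:-1]):
        if tok in KEY_TYPES:
            try:
                return base64.b64decode(tokens[i + 1], validate=True)
            except (binascii.Error, ValueError):
                return None
    return None

def fingerprint(blob):
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def revoke(authorized_keys_text, compromised_pub_lines):
    """Return (cleaned file text, fingerprints of the removed entries)."""
    bad = {key_blob(l) for l in compromised_pub_lines} - {None}
    kept, removed = [], []
    for line in authorized_keys_text.splitlines():
        blob = key_blob(line)
        if blob is not None and blob in bad:
            removed.append(fingerprint(blob))
        else:
            kept.append(line)
    return "\n".join(kept) + "\n", removed

def _constructed_pub(seed, comment):
    # Constructed sample key: well-formed wire encoding, not a real keypair.
    s = lambda b: struct.pack(">I", len(b)) + b
    blob = s(b"ssh-ed25519") + s(bytes([seed]) * 32)
    return "ssh-ed25519 %s %s" % (base64.b64encode(blob).decode(), comment)

STOLEN = _constructed_pub(1, "chuck@compromised-box")
SAMPLE = "\n".join([
    "# constructed sample authorized_keys",
    _constructed_pub(2, "admin@laptop"),
    'from="10.0.0.0/8",command="/usr/bin/backup run" '
    + STOLEN.rsplit(" ", 1)[0] + " renamed-comment",
    STOLEN,
]) + "\n"

if __name__ == "__main__":
    cleaned, removed = revoke(SAMPLE, [STOLEN])
    print(cleaned, removed, sep="\n")
```

Write the cleaned text to a temporary file and move it into place only after reviewing the removed fingerprints.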