Date:      Sun, 22 Jul 2001 03:56:26 +0200 (SAST)
From:      The Psychotic Viper <psyv@root.org.za>
To:        freebsd-stable@FreeBSD.ORG
Subject:   Re: probably remote exploit
Message-ID:  <Pine.BSF.4.21.0107220333420.21423-100000@lucifer.fuzion.za.org>
In-Reply-To: <15194.2597.335066.379263@guru.mired.org>

Hi,

I have been watching this thread since it started and this may be off
topic but may give another viewpoint to things. The last post by
Mike outlining the multiple trigger trojan system is one of the major
reasons why the rule of thumb in a lot of security and penetration
forensics circles is to flatten systems and build them anew, from
scratch. You never know what's been done to your system once it's been
compromised unless you watched the cracker step by step, and even then I
personally wouldn't trust that box after undoing what I *think* has been
done. And if an in-depth check and audit could indicate other systems being
compromised via the initial systems, those go too even if there's a chance
they weren't, in personal experience.

Sure, it takes time to back up user data and reinstall multiple machines,
but it may save a lot of time when you have to keep rebuilding your
machine because your visitor keeps getting back in. Also prevents them
getting in remotely (hopefully) through a known vulnerability if you
install the latest release of whatever OS you have.

So that's a handy "rule" to have even if it does take a bit longer; I'd
think ease of mind more than makes up for it. :)

hth

PsyV

btw...always open to new ideas and suggestions 

