ACK! How to fix a compromised system?
Dustin Decker
dustind at moon-lite.com
Sat Apr 19 20:15:44 CDT 2003
On Sat, 19 Apr 2003, Bradley Miller wrote:
> I've got a box that someone put a "toolz" kit on yesterday. Any ideas on
> how to cleanse the beast?
Well... if you want to be able to really "trust" that host again, you
really need to wipe the drive, install your os, and restore a backup.
Root-kits tend to leave more backdoors in place than imaginable - finding
them all is a pain.
Find out, however, how they got in. Otherwise, even on a new install,
they'll be back. :)
D.
--
o-----------------------------------o
| Dustin Decker - CNA, MCP |
| dustin at dustindecker.com o-------------------------------------o
| Network Engineer | "They that can give up liberty to |
| Preferred Physicians Group | obtain a little temporary safety |
o-------------------------------| deserve neither liberty nor |
| safety." |
| -- Benjamin Franklin (1706-1790) |
o-------------------------------------o
More information about the Kclug
mailing list