Yeah, that's exactly what I'm talking about with not trusting a box after being r00ted. I don't care which OS you're on, if an attacker has root/SYSTEM access, you're never going to be sure they're gone.
So, protect yourself, or be ready to rebuild! Ron On 2014-01-29 17:48, Aemilianus Kehler wrote: > Scarier yet is root kits hiding any possible scent of being owned.... > > Cheers!! > > > On Jan 29, 2014, at 5:44 PM, Edwin Amsler <[email protected]> wrote: > > > > I agree with Ron. > > > > Also, I agree with all points presented. If you're ultra paranoid, run your > > individual processes in containers or chroot them as well. Do the whole > > OpenBSD thing. > > > >> On 2014-01-29, at 5:41 PM, Ron <[email protected]> wrote: > >> > >>> On 2014-01-29 17:37, Kevin wrote: > >>> It is > >>> a horrible and time consuming mess to deal with, usually resulting in > >>> the rebuild of that server... > >> > >> Usually rebuilding the server!? As long as "retiring" is the only other > >> option, I can live with that. But ever trusting a server again after an > >> attacker had root access is a dangerous situation. :) > >> > >> Ron > >> _______________________________________________ > >> SkullSpace Discuss Mailing List > >> Help: http://www.skullspace.ca/wiki/index.php/Mailing_List#Discuss > >> Archive: https://groups.google.com/group/skullspace-discuss-archive/ > > _______________________________________________ > > SkullSpace Discuss Mailing List > > Help: http://www.skullspace.ca/wiki/index.php/Mailing_List#Discuss > > Archive: https://groups.google.com/group/skullspace-discuss-archive/ > _______________________________________________ > SkullSpace Discuss Mailing List > Help: http://www.skullspace.ca/wiki/index.php/Mailing_List#Discuss > Archive: https://groups.google.com/group/skullspace-discuss-archive/ _______________________________________________ SkullSpace Discuss Mailing List Help: http://www.skullspace.ca/wiki/index.php/Mailing_List#Discuss Archive: https://groups.google.com/group/skullspace-discuss-archive/
