On Fri, 25 May 2001, Eric Robinson wrote:
> Members of this list who suggest that you should reformat and
> reinstall after a hacking incident are only partially correct.
> Starting with a clean slate is the only way to be sure you have
> eliminated your problem if you don't already know the exact nature of
> the attack. In this case, we do. :-)
no, you don't.
if i really wanted to screw with you, i'd make all outward signs look like
something else relatively benign (deface the webpage in the same fashion),
but install some backdoors. as long as i was running around racking up
boxes with a known exploit, i may as well have some fun with it as well.
unless you have a host based integrity monitoring system, ie Tripwire,
don't make any assumptions based on what you have observed using a
compromised system.
____________________________
jose nazario [EMAIL PROTECTED]
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)