On Fri, 25 May 2001, Devin L. Ganger wrote:
> On Fri, May 25, 2001 at 02:13:14PM -0700, Eric Robinson wrote:
>
> > In an ideal world, I suppose we would have time to conduct an "exhaustive
> > forensic analysis" of each of the 9000+ effected systems.
>
> Nope. That's where the risk analysis comes in.
>
> "How much risk will I be at, versus the amount of labor invested?"
and tools and $$$ available to do the proper level of risk analysis
> Full analysis + actions indicated: low risk, extremely high labor.
that depends on who it is doing the analysis and what they were
looking for.....
> No analysis, rebuild system: low risk, moderate labor.
extreme high rish....100% guraranteed that they will get back in
since you did NOT patch the system the first time... doing the
same thing is 100% guranteed they will get in again should they
return or other kiddies attempt the same exploit in the same manner
c ya
alvin
> Light analysis, plug holes: unknown risk, low labor.
>
> > We plugged the hole and moved on. Twenty days later, still no apparent
> > problem or strange activity on the server. No exhaustive analysis performed.
> > No hard drive reformatted. No time wasted.
>
> This time. Until the black hats get smarter than your instinct.
>
> --
> Devin L. Ganger <[EMAIL PROTECTED]>
> find / -name *base* -exec chown us:us {} \;
> su -c someone 'export UP_US=thebomb'
> for f in great justice ; do sed -e 's/zig//g' < $f ; done
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
