On Fri, 25 May 2001, Eric Robinson wrote:
> I agree completely. There is no limit to what you can do if you want to be
> evil. But this attack was a completely automated political statement that
> targeted thousands of servers in exactly the same manner, performing exactly
> the same operations on each one.
Are you willing to guarantee this for the victim and his network?
>
> There comes a point at which you have to ask yourself, "Was I just one of
> several thousand identical victims, or did some hacker want to get into my
> particular web server so badly that he timed his attack to coincide with a
> larger world-wide event as a cover?"
>
The better questions might well be:
How paranoid am I, and how much do I really know took place with the tools
I have installed to monitor?
When in doubt at all, reinstall <smile>.
Thanks,
Ron DuFresne
> Occam's Razor, dude. All things being equal, the simplest answer is the
> correct one. Still, I suppose that in some cases you can't afford to allow
> the latter possibility.
>
> Eric Robinson
> Network Architect
> edurus, Inc.
> www.edurus.com
>
>
> -----Original Message-----
> From: Jose Nazario [mailto:[EMAIL PROTECTED]]
> Sent: Friday, May 25, 2001 9:39 AM
> To: Eric Robinson
> Cc: [EMAIL PROTECTED]
> Subject: RE: f**k USA government f**k poizonbox
>
>
> On Fri, 25 May 2001, Eric Robinson wrote:
>
> > Members of this list who suggest that you should reformat and
> > reinstall after a hacking incident are only partially correct.
> > Starting with a clean slate is the only way to be sure you have
> > eliminated your problem if you don't already know the exact nature of
> > the attack. In this case, we do. :-)
>
> no, you don't.
>
> if i really wanted to screw with you, i'd make all outward signs look like
> something else relatively benign (deface the webpage in the same fashion),
> but install some backdoors. as long as i was running around racking up
> boxes with a known exploit, i may as well have some fun with it as well.
>
> unless you have a host based integrity monitoring system, ie Tripwire,
> don't make any assumptions based on what you have observed using a
> compromised system.
>
> ____________________________
> jose nazario [EMAIL PROTECTED]
> PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
> PGP key ID 0xFD37F4E5 (pgp.mit.edu)
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.