I agree that not all exploits need to or should be handled in such a way, but this type of open-ended exploit where potentially anything could have been dropped or altered on a system would force me as a network/security/systems administrator to have to take appropriate action to protect my employer.
Yep, it's definitely extreme. I wouldn't want to have to do it. But, I still would do it all the same. In my experience the risk is just too great not to. Which is why we store data on secure servers, and can multi-cast images for workstations for easy rebuilds. It's a shame not everyone can work in an environment where things like this can be done that easily, but that doesn't mean that they shouldn't be done at all. I have yet to work for an employer where my management and fellow staff wouldn't be prepared to do the same - thank goodness. I shudder to think about it happening to me...

On 8/19/05, Steve Kudlak <[EMAIL PROTECTED]> wrote:
> Micheal Espinola Jr wrote:
> Absolutely. Once a system has been exploited in such a manner, it
> is completely untrustable. It should most definitely be wiped. The IT ppl
> in SDC (and many other places) need to all be lined up and smacked Three
> Stooges style.
>
> On 8/19/05, Donald J. Ankney <[EMAIL PROTECTED]> wrote:
> Any IT department that simply removes a worm and shoves a box back into
> production has serious issues. After a machine has been compromised, it
> should be wiped and rebuilt.
>
> As a practical matter how many boxes are we talking about? I mean I have
> removed worms and viruses (note I don't use the plural virii because it is
> too close to the proper Latin Plural of "men";) and put boxes back into use.
> But not in places that are critical. Does one rebuild every time something
> goes wrong? Seems extreme to me. I dunno if this is the place to discuss
> issues like this. Now of course with worm designers getting more
> sophisticated it might be that more extreme measures should be taken
> earlier in the decision chain. Now if people implement a really adequate
> backup system, like everything over the last hour is safely backed up it
> might be possible to do that. Anyway it is an interesting case, easy to say
> now that I am disabled and watching from the sidelines.
>
> Have Fun,
> Sends Steve

--
ME2 <http://www.santeriasys.net/>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
