On Wed, 23 May 2001, Ian C. Sison wrote:
> On Wed, 23 May 2001, Ronneil Camara wrote:
>
> > I totally agree with Jeff.
> >
> > Bind 4.9.5 is nice. It's not vulnerable, supposedly. ;p
> >
> >
> > -----Original Message-----
> > From: Jeffrey Wong [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, May 23, 2001 12:47 AM
> > To: 'dwen '; '[EMAIL PROTECTED] '
> > Subject: RE: [plug] inetd
> >
> >
> >
> > > it was bind + tOrn ROOTkit exploit, before April 1 I was using bind
> > > 8.2.2-P5 and the fookin WORM got me.
> > > I did upgrade BIND and reinstalled some packages like inetd,
> > > net-tools...etc. to totally erase all trojan files.
> > You only reinstalled some packages?!!!
> > I am a little bit paranoid about these things, you should reinstall
> > everything from scratch.
>
>
> I don't agree. That's too much work! 8)
> If you run an RPM based distro you can recover from a compromise..
>
>
> 1. checking the RPM MD5 sigs, and updating the packages of those that
> failed.
>
> 2. check your file system for executables that don't belong to any RPM,
> and erase all those that you find that do not belong to an RPM.
>
> 3. port scan your box (ports 1 - 65534) and make sure there are no other
> open ports other than the services you provide.
>
> 4. upgrade all non-infected packages with the latest security upgrades.
>
> So you see, running a distro like slackware will indeed require a complete
> reinstall, but a distro with a decent package manager won't.
>
>
I disagree...
If a system is compromised, you should not trust anything on it, even rpm.
>
> _
> Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
> To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
>
> To subscribe to the Linux Newbies' List: send "subscribe" in the body to
>[EMAIL PROTECTED]
>
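Step 1 of the quoted procedure, as an added example that is not part of any message in the thread: a Python triage of saved `rpm -Va` output, where a digest change on a non-config file is treated as a replaced program. The sample lines and the severity labels are constructed assumptions, and the result is only as trustworthy as the rpm binary and database that produced the output, which is the objection raised in the final reply.

```python
import re
from collections import namedtuple

# Columns of the `rpm -Va` attribute string; "." = test passed, "?" = not performed.
FLAGS = {"S": "size", "M": "mode", "5": "digest", "D": "device", "L": "symlink",
         "U": "owner", "G": "group", "T": "mtime", "P": "capabilities"}
# 8 columns on older rpm, 9 on current; optional marker (c = config file).
LINE = re.compile(r"^(missing|[SM5DLUGTP.?]{8,9})\s+(?:([cdglr])\s+)?(/\S+)")

Finding = namedtuple("Finding", "severity path changed is_config")

def triage(verify_output):
    """Classify each `rpm -Va` line as high / review / low (labels are this example's)."""
    findings = []
    for line in verify_output.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # blank or unrecognised line
        flags, kind, path = m.groups()
        is_config = kind == "c"
        if flags == "missing":
            changed, severity = ("missing",), "high"
        else:
            changed = tuple(FLAGS[c] for c in flags if c in FLAGS)
            if "digest" in changed and not is_config:
                severity = "high"      # packaged program or library content was replaced
            elif "?" in flags or set(changed) - {"mtime"}:
                severity = "review"    # config edits, mode/owner changes, unreadable files
            else:
                severity = "low"       # timestamp only
        findings.append(Finding(severity, path, changed, is_config))
    order = {"high": 0, "review": 1, "low": 2}
    return sorted(findings, key=lambda f: (order[f.severity], f.path))

# Constructed sample output (not taken from the thread).
SAMPLE = """\
S.5....T.    /bin/netstat
S.5....T.  c /etc/inetd.conf
.......T.    /usr/share/man/man1/ls.1.gz
missing      /usr/sbin/tcpd
.M...U...    /bin/login
S.5....T     /usr/sbin/inetd
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.severity:6} {f.path:30} {','.join(f.changed)}")
```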