the general subject has been discussed at length before, notably
by Rick Moen, Ian and other people who will forgive me for
not listing their names. here's a concrete example and an object
lesson.
you cannot be too paranoid when your box has been cracked.
at least take the box off the network.
even better, in case there are deadman switches in there
(destruction occurs if it's off the network long enough),
turn the box off and mount the drive (read-only, for
forensic purposes) on another box, or from a rescue CD.
http://online.securityfocus.com/news/1113
the guy whose cracked box the sendmail trojan was
reporting to decided to disallow access to port 6667
so that hacked sendmail would stop reporting to him
but he didn't disconnect his box from the network.
apparently that tipped off the cracker and he lost years
of data because the cracker went through his box deleting
stuff willy-nilly. maybe for revenge, maybe to cover
his tracks.
tiger
--
Gerald Timothy Quimpo tiger*quimpo*org gquimpo*sni-inc.com tiger*sni*ph
Veritas liberabit vos.
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
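
The read-only mount advised in the post above, as an added example that is not part of the original message. It goes one step beyond the post: on journaling filesystems a plain `ro` mount can still replay the journal and write to the disk. It assumes Linux with util-linux `blockdev` and `mount`; the device and mount-point names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original post. Device and mount-point names are hypothetical.

# Options that keep an evidence filesystem unmodified. Plain "ro" is not enough on
# journaling filesystems: ext3/ext4 and XFS replay the journal at mount time
# (a write to the disk) unless noload / norecovery is given.
forensic_mount_opts() {
    opts="ro,noexec,nodev,nosuid"
    case "$1" in
        ext3|ext4) opts="$opts,noload" ;;
        xfs)       opts="$opts,norecovery" ;;
    esac
    printf '%s\n' "$opts"
}

# Succeed only if mount point $1 is listed with the exact option "ro" in a
# /proc/mounts-format table ($2, default /proc/mounts, "-" for stdin).
is_mounted_ro() {
    awk -v mp="$1" '
        $2 == mp { found = 1; ro = 0; n = split($4, o, ",")
                   for (i = 1; i <= n; i++) if (o[i] == "ro") ro = 1 }
        END { if (found && ro) exit 0; exit 1 }' "${2:-/proc/mounts}"
}

# Run as root on the examination box or from the rescue CD.
mount_evidence() {   # usage: mount_evidence /dev/sdX1 ext4 /mnt/evidence
    blockdev --setro "$1" &&
    mount -t "$2" -o "$(forensic_mount_opts "$2")" "$1" "$3" &&
    is_mounted_ro "$3"
}

# Constructed sample table; "errors=remount-ro" must not count as "ro".
sample_mounts() {
    cat <<'EOF'
/dev/sdb1 /mnt/evidence ext4 ro,nosuid,nodev,noexec 0 0
/dev/sdc1 /mnt/other ext4 rw,relatime,errors=remount-ro 0 0
EOF
}

sample_mounts | is_mounted_ro /mnt/evidence - && echo "/mnt/evidence is read-only"
sample_mounts | is_mounted_ro /mnt/other - || echo "/mnt/other is writable"
```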