Quoting Gerald Timothy Quimpo ([EMAIL PROTECTED]):
> http://online.securityfocus.com/news/1113
>
> the guy whose cracked box the sendmail trojan was
> reporting to decided to disallow access to port 6667
> so that hacked sendmail would stop reporting to him
> but he didn't disconnect his box from the network.
>
> apparently that tipped off the cracker and he lost years
> of data because the cracker went through his box deleting
> stuff willy-nilly. maybe for revenge, maybe to cover
> his tracks.

Note that this experience would have been much, much, much less
traumatic if the admin had current, tested backups. All he would have
lost is a small amount of current machine state, the time required to
rebuild the box, and the opportunity to do security forensics, to figure
out how the break-in occurred and how to prevent recurrence.

Current _tested_ backups can save your... job, at least. "Tested" means
you do occasional test restores onto a sacrificial machine, and verify
that everything's there. Otherwise, how do you really know that your
backups are sufficient?

--
Cheers,
Rick Moen
[EMAIL PROTECTED]

The genius of you Americans is that you never make clear-cut stupid
moves, only complicated stupid moves that make us wonder at the
possibility that there may be something to them that we are missing.
--Gamel Abdel Nasser
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
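
One way to do the "verify that everything's there" step of a test restore, added here as an example and not part of the original message. The function names make_manifest and verify_restore are hypothetical, the sample tree is constructed, and GNU coreutils sha256sum is assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU coreutils sha256sum.

# make_manifest DIR: print "<sha256>  ./path" for each regular file in DIR.
make_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 )
}

# verify_restore MANIFEST RESTORED_DIR
# Prints MISSING/CHANGED lines; returns 0 only if every file in the manifest
# exists under RESTORED_DIR with identical content. An empty manifest is an
# error (2): a backup job that captured nothing must not "verify" cleanly.
# Limitation: file names containing newlines or backslashes are not handled.
verify_restore() {
    [ -s "$1" ] || { echo "EMPTY manifest: $1"; return 2; }
    vr_status=0
    while read -r vr_sum vr_path; do
        if [ ! -f "$2/$vr_path" ]; then
            echo "MISSING $vr_path"; vr_status=1
        elif [ "$(sha256sum < "$2/$vr_path" | cut -d' ' -f1)" != "$vr_sum" ]; then
            echo "CHANGED $vr_path"; vr_status=1
        fi
    done < "$1"
    return "$vr_status"
}

# Demo on constructed data: a "live" tree and a "restore" that lost one file
# and silently truncated another.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/live/etc" "$d/live/home/user"
    echo "root:x:0:0" > "$d/live/etc/passwd"
    echo "years of data" > "$d/live/home/user/thesis.txt"
    echo "notes" > "$d/live/home/user/my notes.txt"
    make_manifest "$d/live" > "$d/manifest.sha256"
    cp -R "$d/live" "$d/restored"
    rm "$d/restored/etc/passwd"
    : > "$d/restored/home/user/thesis.txt"
    demo_rc=0
    verify_restore "$d/manifest.sha256" "$d/restored" || demo_rc=$?
    rm -rf "$d"
    return "$demo_rc"
}

demo || echo "test restore FAILED (expected for this constructed sample)"
```

In real use the manifest is written at backup time and stored with the backup, and RESTORED_DIR is the restore target on the sacrificial machine.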