[email protected] writes: > with my security hat on, the answer is to reimage the system, don't trust > anything on the box you can't examine directly (i.e. web content files may > be Ok, but binaries should be replaced) > > If you have some reason why you can't do this, you need to scan the box > (nmap or similar) to try and make sure that there aren't any ports > listening that you don't expect. > > but you really should plan on rebuilding the box as soon as you possibly > can, ideally before putting it back online.
Right, but it sounds like the hole was quite possibly in the closed-source binaries they are running. a re-install, without fixing the hole, will just result in a new compromise. it seems to me like the owner of those closed-source binaries needs to be involved in that, to me. (unless it was the framework, and if it was the framwork, David's advice is spot-on. ) _______________________________________________ Tech mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
