Re: Compromised system - still ok?

To: Bernd Eckenfels <ecki@lina.inka.de>
Cc: debian-security@lists.debian.org
Subject: Re: Compromised system - still ok?
From: Alvin Oga <aoga@ns.Linux-Consulting.com>
Date: Sun, 6 Feb 2005 19:43:54 -0800 (PST)
Message-id: <[🔎] Pine.LNX.3.96.1050206193613.24313A-100000@Maggie.Linux-Consulting.com>
In-reply-to: <[🔎] E1CxzFx-000408-00@calista.eckenfels.6bone.ka-ip.net>


On Mon, 7 Feb 2005, Bernd Eckenfels wrote:

> In article <[🔎] Pine.LNX.3.96.1050206165845.12860A-100000@Maggie.Linux-Consulting.com> you wrote:
> > you can reinstall AFTER you can answer all the above questions
> > or give up and give the point ot the script kiddie cracker
> 
> No, you make an image, reinstall, and if you  have time (ie. you normally
> dont) then you can start the forensics.

yes about making an image ... i assume you mean
	- take the box down,
		- i hate taking the box down, as you can lose
		valuable info in its memory

	- i'd "re-install" into a new disk and leave the cracked one alone
	( disks are super cheap )
		- i would not reinstall on the cracked disk
		as it can have hidden filesystems

	- for forensics.. use a good cd or build a custom disk
	with with lot of fun forensics on it and fiddle till one finds 
	all the answers :-0

after small or big cracking, one always have to make time, and
take more preventative measures vs spending time on forensics
unless you wanna lock um up :-) 

fun stuff

c ya
alvin

Reply to:

Follow-Ups:
- Re: Compromised system - still ok?
  - From: Scott Edwards <supadupa@gmail.com>
- Re: Compromised system - still ok?
  - From: Russell Coker <russell@coker.com.au>

References:
- Re: Compromised system - still ok?
  - From: Bernd Eckenfels <ecki@lina.inka.de>

Prev by Date: Re: Compromised system - still ok?
Next by Date: Re: Compromised system - still ok?
Previous by thread: Re: Compromised system - still ok?
Next by thread: Re: Compromised system - still ok?
Index(es):
- Date
- Thread