Re: Compromised system - still ok?
On Mon, 7 Feb 2005, Bernd Eckenfels wrote:
> In article <Pine.LNX.3.96.1050206165845.12860A-100000@Maggie.Linux-Consulting.com> you wrote:
> > you can reinstall AFTER you can answer all the above questions
> > or give up and give the point to the script kiddie cracker
>
> No, you make an image, reinstall, and if you have time (i.e. you normally
> don't) then you can start the forensics.

yes about making an image ... i assume you mean

	- take the box down,
		- i hate taking the box down, as you can lose
		  valuable info in its memory

	- i'd "re-install" into a new disk and leave the cracked one alone
	  ( disks are super cheap )
		- i would not reinstall on the cracked disk
		  as it can have hidden filesystems

	- for forensics.. use a good cd or build a custom disk
	  with lots of fun forensics on it and fiddle till one finds
	  all the answers :-0

after small or big cracking, one always has to make time, and
take more preventative measures vs spending time on forensics
unless you wanna lock um up :-)

fun stuff
c ya
alvin