In-Reply-To: <001501c24827$5301b360$0100a8c0@danz>

Hello,

All-in-all you did a good job. One thing that stands out is this:

>[root@Rah .sys]# ./cleaner
>* sauber by socked [07.27.97]
>* Usage: cleaner <string>

You should never run any un-trusted programs. The command "strings" is the right tool for the job.

You should also try to get trusted binaries of system programs (e.g. ls, ps, netstat, lsof, etc.) and put them onto separate media like a clean floppy or a CD-R. You can get them off of your distro CD. Integrity checkers like Tripwire or AIDE (available at http://www.cs.tut.fi/~rammer/aide.html).

Finally, you might want to get a decent book on forensics like "Incident Response" by Chris Prosise, Kevin Mandia; which covers technical and legal aspects.

Good Luck,
Alaric
www.alaricsecurity.com

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
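The reply's advice about keeping known-good system binaries on separate media, shown as an added example that is not part of the original message: a shell function that compares the tools on the suspect host byte for byte against the trusted copies. The function name `compare_with_trusted`, the `TRUSTED_CMP` variable and the `/mnt/trusted` path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original message).
# Compare system binaries on a suspect host with known-good copies kept on
# separate read-only media (clean floppy, CD-R), as the reply recommends.

# Comparison tool. Point TRUSTED_CMP at the cmp binary on the trusted media;
# falling back to the cmp found in PATH is only suitable for a dry run.
cmp_bin=${TRUSTED_CMP:-cmp}

# compare_with_trusted TRUSTED_DIR SUSPECT_DIR NAME...
# Prints one line per tool:
#   OK            identical to the trusted copy
#   MODIFIED      differs from the trusted copy
#   MISSING       not present on the suspect system
#   NO-REFERENCE  no trusted copy available to compare against
# Returns 0 only if every named tool matched its trusted copy.
compare_with_trusted() {
    trusted_dir=$1
    suspect_dir=$2
    shift 2
    status=0
    for name in "$@"; do
        ref="$trusted_dir/$name"
        cur="$suspect_dir/$name"
        if [ ! -f "$ref" ]; then
            echo "NO-REFERENCE $name"
            status=1
        elif [ ! -f "$cur" ]; then
            echo "MISSING $name"
            status=1
        elif "$cmp_bin" -s "$ref" "$cur"; then
            echo "OK $name"
        else
            echo "MODIFIED $name"
            status=1
        fi
    done
    return "$status"
}

# Example call (paths are assumptions):
#   TRUSTED_CMP=/mnt/trusted/bin/cmp
#   compare_with_trusted /mnt/trusted/bin /bin ls ps netstat
```
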
This archive was generated by hypermail 2b30 : Thu Aug 22 2002 - 03:41:42 PDT