On Tue, 12 Mar 2002 vogtat_private wrote:

> On the other hand, this strikes me as a very dumb move. If the sysadmin is
> bright enough to find the rootkit, I sure do hope that he also realizes that
> the only way to a clean system is through a full reinstall.

On the contrary, I'd say it was a smart move. Far too many people who should know better advocate cleaning up a compromised system rather than wiping it and reinstalling.

I've always thought upon reading such recommendations that intruders would do well to entrench themselves deeply in a system, then leave a throwaway rootkit such that it would be found if anyone went looking.

Those who advocate cleaning a system rather than reinstalling it really should stop. :) I do believe it can be done, but it would require booting from trusted media and a full audit of the system, at a minimum. Reinstalling is generally easier and faster, and much more likely to leave you with a clean system.

Rob

--
Rob McCauley
Radiation Oncology
Duke University Medical Center

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Mar 12 2002 - 16:50:48 PST