On Sat, 22 Jun 2002, Fabio Miranda wrote:
> hi, My box was compromised, and i cant rm a binary
> that listens over tcp, i need help support, watch:
S.O.P. (Standard Operating Procedures) describe that a compromised box
should be considere lost and be installed from scratch.
If you want to play with in isolation to learn more about the culprit that
is your decision.
However leaving a compromised system online makes you guilty of criminal
neglect. (Aiding and embedding criminals and all that sort of thing.)
As there is never a good waranty on trying to clean a compromised box you
should not attempt it. (After all the box would most likely not be
compromised if you were on the front of things.)
Hugo.
--
All email send to me is bound to the rules described on my homepage.
hvdkooijat_private http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Jun 23 2002 - 12:11:27 PDT