Security Basics mailing list archives
Re: tools to run on compromised linux box
From: Adriel Desautels <adriel () netragard com>
Date: Wed, 06 Aug 2008 11:26:00 -0400
Lister,

Are you doing this for a system that was compromised and is running on your network or are you doing this for your own edification?
If you are asking this question for the first reason, then you should just re-install the system. Once a computer system has been compromised, the integrity of its software cannot be guaranteed and as such cannot be trusted to be safe. It's a waste of time and resources to try to "clean" the system; it's much more simple (in most cases) to just reinstall.
If you are asking for your own edification and if this is for research, then there are many forensic tools that you can use. Check The Sleuth Kit for a good free one. If you want to pay for a commercial tool, then check EnCase (but it's expensive, and if you don't have the experience then don't waste your money). There are many, and Google is your friend.
Regards,
Adriel T. Desautels
Chief Technology Officer
Netragard, LLC.
Office : 617-934-0269
Mobile : 617-633-3821
http://www.linkedin.com/pub/1/118/a45

Join the Netragard, LLC. Linked In Group:
http://www.linkedin.com/e/gis/48683/0B98E1705142

---------------------------------------------------------------
Netragard, LLC - http://www.netragard.com - "We make IT Safe"
Penetration Testing, Vulnerability Assessments, Website Security

Netragard Whitepaper Downloads:
-------------------------------
Choosing the right provider : http://tinyurl.com/2ahk3j
Three Things you must know : http://tinyurl.com/26pjsn

lister () lihim org wrote:
Can anyone recommend some tools to run on a compromised linux box to determine if there is further infestation? (rootkits, etc).