Security Incidents mailing list archives

Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition


From: "Jamie Riden" <jamie.riden () gmail com>
Date: Thu, 31 Jan 2008 16:54:56 +0000

No, that's the only option at all. You can investigate as much as you
like, it's not a good idea to bring the box back online without a
complete re-install.

cheers,
 Jamie

On 31/01/2008, Eduardo Tongson <propolice () gmail com> wrote:
Yes I agree that this is the only option when you do not have the
resources or skills to investigate thoroughly.

   Ed <http://blog.eonsec.com>

On Jan 31, 2008 2:15 AM, Jason Stelzer <jason.stelzer () gmail com> wrote:
All bets are off because there is no way to conclusively prove that a
compromise stopped at a certain point. Best practice dictates that you
reimage the box[1]. The issue really is that nobody has complete
knowledge of everything. Any number of as yet unreported exploits
could have been used to elevate privileges, for example. I'll go out on
a limb and claim that various blackhat communities know of exploits
that vendors and admins are as yet unaware of.

-- 
Jamie Riden / jamesr () europe com / jamie () honeynet org uk
UK Honeynet Project: http://www.ukhoneynet.org/

