Bugtraq mailing list archives

Re: No Security is Bad Security:

From: toasty () HOME DRAGONDATA COM (Kevin Day)
Date: Wed, 3 Feb 1999 01:50:20 -0600


Mistakes Made in Incidence Response:
-----------------------------------

1) Don't log in as root on a machine that most likely has been
compromised. Bsd things can happen.

2) Don't go around blithely executing binaries. (I feel rather stupid
about that)

3) Do *immediately* take the machine offline, and mount the disks on
another system for analysis.



If mounting on another system, and your OS supports it, mount with the
'noexec' option, to make sure you don't accidently infect another system, as
well as the rdonly flag to make sure you don't damage evidence. You may also
want to consider 'noatime', to keep things really pristine, if you don't go
'ro'.

             noexec  Do not allow execution of any binaries on the mounted
                     file system.  This option is useful for a server that has
                     file systems containing binaries for architectures other
                     than its own.



Kevin

Current thread:

No Security is Bad Security: John \ (Feb 02)
- More oshare testing. C.J. Oster (Feb 02)
  - Re: More oshare testing. Jeff Roberson (Feb 03)
    - Re: No Security is Bad Security: com-nospam () CCRAIG ORG (Feb 04)
    - Re: More oshare testing. Alan Cox (Feb 04)
    - Re: More oshare testing. Cristiano Lincoln Mattos (Feb 05)
  - Re: More oshare testing. Dariusz Zmokly (Feb 04)
- Re: No Security is Bad Security: Kevin Day (Feb 02)
  - Re: No Security is Bad Security: Jan B. Koum (Feb 03)
    - Re: No Security is Bad Security: Russell Fulton (Feb 04)
- Re: No Security is Bad Security: ecx (Feb 04)
- Update on w00w00 article (bug report) Shok (Feb 04)
- <Possible follow-ups>
- Re: No Security is Bad Security: Donald Moore (Feb 04)
- Re: No Security is Bad Security: der Mouse (Feb 04)
- Re: No Security is Bad Security: Taral (Feb 04)
- Re: No Security is Bad Security: Scott (Feb 04)