Bugtraq mailing list archives
Re: No Security is Bad Security:
From: toasty () HOME DRAGONDATA COM (Kevin Day)
Date: Wed, 3 Feb 1999 01:50:20 -0600
Mistakes Made in Incidence Response:
-----------------------------------
1) Don't log in as root on a machine that most likely has been compromised. Bad things can happen.
2) Don't go around blithely executing binaries. (I feel rather stupid about that)
3) Do *immediately* take the machine offline, and mount the disks on another system for analysis.
If mounting on another system, and your OS supports it, mount with the 'noexec' option, to make sure you don't accidentally infect another system, as well as the rdonly flag to make sure you don't damage evidence. You may also want to consider 'noatime', to keep things really pristine, if you don't go 'ro'.

    noexec  Do not allow execution of any binaries on the mounted file system. This option is useful for a server that has file systems containing binaries for architectures other than its own.

Kevin
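The mount options recommended in the message above, checked before analysis begins. This is an added example, not part of the original post; it assumes a Linux-style mounts table (where read-only appears as `ro` rather than the BSD `rdonly` flag), and the devices and mount points in the sample table are constructed.

```shell
#!/bin/sh
# Added example: audit how a suspect disk is mounted before analysis starts.
# Assumes Linux /proc/mounts layout: device mountpoint fstype options dump pass.

# Print the option field of the last entry for mount point $1 in table $2.
mount_opts() {
    awk -v mp="$1" '$2 == mp { o = $4 } END { if (o == "") exit 1; print o }' "$2"
}

# Succeed if option $2 appears in the comma-separated list $1.
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# Print a verdict for mount point $1 (table $2, default /proc/mounts).
check_evidence_mount() {
    opts=$(mount_opts "$1" "${2:-/proc/mounts}") || { echo "not-mounted"; return 1; }
    # noexec: nothing on the suspect disk can be run from the analysis host.
    has_opt "$opts" noexec || { echo "exec-allowed"; return 2; }
    # ro: the evidence cannot be modified at all.
    has_opt "$opts" ro && { echo "ok"; return 0; }
    # Writable: noatime at least stops reads from updating access times.
    has_opt "$opts" noatime && { echo "writable-noatime"; return 3; }
    echo "writable-atime"; return 4
}

# Constructed sample table (hypothetical devices and mount points).
sample_mounts() {
    cat <<'EOF'
/dev/sdb1 /mnt/evidence ext3 ro,noexec 0 0
/dev/sdc1 /mnt/suspect ext3 rw,relatime 0 0
/dev/sdd1 /mnt/working ext3 rw,noexec,noatime 0 0
EOF
}

demo() {
    table=$(mktemp) || return 1
    sample_mounts > "$table"
    for mp in /mnt/evidence /mnt/suspect /mnt/working /mnt/missing; do
        printf '%s: %s\n' "$mp" "$(check_evidence_mount "$mp" "$table")"
    done
    rm -f "$table"
}
demo
```

Run `check_evidence_mount` with only a mount point to read the live `/proc/mounts`; a non-zero return means the mount does not match the options described in the message.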