Security Incidents mailing list archives

Re: Bind8 exploit and a deleted partition map


From: Luciano Miguel Ferreira Rocha <strange () nsk yi org>
Date: Tue, 13 Feb 2001 17:52:43 -0500

On Mon, Feb 12, 2001 at 04:12:10PM -0800, Matteo,Marc A. wrote:
> Hi all,
>
> So my question is, what're the odds that the hard drive was hosed by a
> booby trap rather than really bad luck.  If it was a parting gift from
> an attacker, what are the methods used to leave that sort of thing as a
> trap on shutdown/reboot (so it can be avoided in the future)?

If you do a dd if=/dev/zero of=/dev/hda bs=512 count=1 (for DOS-like partitions and for IDE drives), you'll end up
without a partition table. However, as the operating system has already booted up, destroying the partition table
doesn't affect the OS in any way (the partition table is scanned on boot, not on demand).

If you want to make sure that a partition table does exist before rebooting a machine, do a fdisk -l. If no partition
table is found, reconstruct it with the information contained in /proc/partitions and dmesg. (Alas, that information
may not be sufficient, and the /proc files and fdisk are Linux-specific; I don't know if they work that way in other OSes.)

Anyway, a list of the partitions of the system, as reported by fdisk, on paper, is quite useful when the system crashes
and a reinstallation is needed, or when the partition table gets destroyed.

hugs
        Luciano Rocha
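
Added example, not part of the original message: a pre-reboot check in the spirit of the fdisk -l advice above, reading sector 0 directly and verifying the 0x55AA signature and at least one non-empty entry. It assumes a DOS (MBR) partition table; the function names check_mbr and mbr_hex are made up for this example.

```shell
#!/bin/sh
# Pre-reboot sanity check for a DOS (MBR) partition table.
# Works on a block device (needs read access) or on a disk image file.

# Print `count` bytes starting at byte `offset` of $1 as lowercase hex, no spaces.
mbr_hex() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Return 0 if sector 0 looks like an intact MBR partition table,
# 1 if the 0x55AA signature is missing, 2 if all four entries are empty.
check_mbr() {
    dev=$1

    # Bytes 510-511 of sector 0 hold the boot signature 55 AA.
    sig=$(mbr_hex "$dev" 510 2)
    if [ "$sig" != "55aa" ]; then
        echo "$dev: no 0x55AA signature in sector 0, partition table missing" >&2
        return 1
    fi

    # Four 16-byte entries start at offset 446; byte 4 of each entry is the
    # partition type, and type 00 marks an unused slot.
    used=0
    for i in 0 1 2 3; do
        ptype=$(mbr_hex "$dev" $((446 + 16 * i + 4)) 1)
        if [ "$ptype" != "00" ]; then
            used=$((used + 1))
        fi
    done

    if [ "$used" -eq 0 ]; then
        echo "$dev: signature present but all four entries are empty" >&2
        return 2
    fi

    echo "$dev: $used partition table entries in use"
    return 0
}

# Command-line use: sh check_mbr.sh /dev/hda
if [ "$#" -gt 0 ]; then
    check_mbr "$1"
fi
```

A non-zero result means the table should be rebuilt from /proc/partitions, dmesg or the paper copy before the machine is rebooted.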

