Security Incidents mailing list archives

Re: backdoor


From: Hugo van der Kooij <hvdkooij () vanderkooij org>
Date: Sun, 23 Jun 2002 11:07:37 +0200 (CEST)

On Sat, 22 Jun 2002, Fabio Miranda wrote:

Hi, my box was compromised, and I can't rm a binary
that listens over TCP, I need help support, watch:

S.O.P. (Standard Operating Procedures) describe that a compromised box 
should be considered lost and be installed from scratch.

If you want to play with it in isolation to learn more about the culprit, that 
is your decision.

However, leaving a compromised system online makes you guilty of criminal 
neglect. (Aiding and abetting criminals and all that sort of thing.)

As there is never a good warranty on trying to clean a compromised box, you 
should not attempt it. (After all, the box would most likely not be 
compromised if you were on the front of things.)

Hugo.

-- 
All email sent to me is bound to the rules described on my homepage.
    hvdkooij () vanderkooij org         http://hvdkooij.xs4all.nl/
            Don't meddle in the affairs of sysadmins,
            for they are subtle and quick to anger.

