Security Incidents mailing list archives

Re: Strange servicepack.exe file (not service.exe) found.


From: "dreamwvr () dreamwvr com" <dreamwvr () dreamwvr com>
Date: Thu, 18 Dec 2003 20:01:33 -0700

On Thu, Dec 18, 2003 at 08:35:35AM -0800, David Gillett wrote:
>   Paradoxically, I find many Linux admins perversely prone
> to trying to do minimal cleanup to a box that is found to
> be compromised, without much effort to discover what *else*
> has been done to the box in its "compromised, but not yet
> detected" state, a period for which records such as local
> logs cannot be trusted.  (Did the discovered compromise
Balderdash. I have yet to meet the Linux or BSD admin, including
myself, who ever 'just' removes what they think is tainted.
Or -T if you like. At the bare minimum anyone doing *NIX will
wipe the hard drive completely clean and start from a known
clean state and/or backup. This sounds too much like Windows
technobabble switcheroo for my taste. Some do tend to
freeze the drive for forensic analysis :) however they do not
tend to 'ever' be so "perversely prone to do a minimal cleanup.."
Basic compromise 101 in the *NIX world is to wipe the drive clean
and go from there with all applied patches, unplugged from the network.

Regards,
dreamwvr () dreamwvr com   

-- 
/*  Security is a work in progress - dreamwvr                 */
#                               48 69 65 72 6F 70 68 61 6E 74 32
# Note: To begin Journey type man afterboot,man help,man hier[.]      
# 66 6F 72 20 48 69 72 65                              0000 0001
// "Who's Afraid of Schrodinger's Cat?" /var/(.)?mail/me \?  ;-]
