On Sat, April 9, 2005 11:04 pm, Phil Brutsche said:
> Chris Mauritz wrote:
>> That is absolutely the way to handle a hacked machine. Unless you've
>> got MD5 fingerprints of each file on the system (a la tripwire),
>> there is no way of knowing where the naughty people may have stashed
>> future surprises for the original poster.
>
> And even then you need to have those fingerprints on RO media and verify
> them off-line (relative to the machine's normal state) such as from a
> bootable rescue CD.
>

If you can afford the time, if you have not already, you need to determine how the hacker gained access; otherwise, when you re-install your OS and applications again, you may well get hacked all over again.

Having Tripwire, etc., may be useful for determining what files were changed, but I'd never rely on a host integrity system to 'recover' a system. Always re-install to have a clean system. You'll be much better off.

Just my 2 cents. :)

~Dan