Mailinglist Archive: opensuse (3407 mails)

[David Bolt <bcrafhfr@xxxxxxxxxx>]

On Mon, 21 Jan 2008, Joe Sloan wrote:-

<snip>

> Yes, I remember dealing with some similar worms on linux servers - the
> difference being, if a linux system gets a worm, you install the
> security upgrade from the vendor, clean up the files left behind by the
> worm (which will typically be found only in world writable areas), and
> life goes on, without a reboot, and perhaps a momentary interruption in
> service while the daemon is reloaded.

You'd trust that method of cleaning a system? If only life were so
simple.

> If a windows web server gets a worm, game over. wipe the box and
> reinstall. At least that's what my mcse friends tell me.

I'd apply the same logic to a Linux server as well. The reason being
that if a worm is able to install on the server using root privileges,
there's no way to know just what else has been installed by it without
performing some form of forensic work on the installation, and has to be
done using tools from outside the.


Regards,
        David Bolt

-- 
Team Acorn: http://www.distributed.net/ OGR-P2 @ ~100Mnodes RC5-72 @ ~15Mkeys
SUSE 10.1 32bit  | openSUSE 10.2 32bit | openSUSE 10.3 32bit | openSUSE 11.0a0
SUSE 10.1 64bit  | openSUSE 10.2 64bit | openSUSE 10.3 64bit
RISC OS 3.6      | TOS 4.02            | openSUSE 10.3 PPC   |RISC OS 3.11
-- 
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx