Mailinglist Archive: opensuse-security (636 mails)

AW: [suse-security] server-check
  • From: Thomas Lamy <Thomas.Lamy@xxxxxxxxxx>
  • Date: Sat, 10 Feb 2001 12:57:49 +0100
  • Message-id: <656F04F343FC25409463829A15B5FDDC53F7@xxxxxxxxxxxxxxxxxxxxx>
And again, as always mentioned on this list: If the machine was attacked and
you have finished the forensic analysis, format the harddisk and do a fresh
install from CD-ROM. It sure would help if you knew how the attacker came
in, and which other machines on your net have also been compromised...

Thomas

> -----Original Message-----
> From: Togan Muftuoglu [mailto:toganm@xxxxxxxx]
> Sent: Saturday, 10 February 2001 12:48
> To: SuSE Security Mail List
> Subject: Re: [suse-security] server-check
>
>
> Thomas Lamy wrote:
> > No, it's just your binaries are swapped with those from the root-kit, and
> > these hide themselves... Get those binaries from a safe machine (better
> > CD-ROM) into a temporary directory (for forensic analysis, do not overwrite
> > any binaries nor reboot the machine!), and try it again with those safe
> > binaries. You may also do an "rpm --verify -a > /tmp/some/file" to check the
> > md5-hashes of all installed packages, to see if and which binaries on your
> > system have been replaced by the attacker's root-kit.
> >
>
> (SH...T)
>
> Ok, can I run these tools from my laptop connected to the f....ed
> machine via ethernet? (I can use the live CD so those binaries on the
> laptop machine will not have the possibility to be hacked.)
>
>
> > Regards,
> > Thomas
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> > For additional commands, e-mail: suse-security-help@xxxxxxxx
>
> --
> Togan Muftuoglu
>
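
An added example, not part of the original mails: a POSIX shell/awk filter for the saved output of the "rpm --verify -a" run suggested in the quoted message. It lists non-config files whose digest flag (5) is set, plus missing or unreadable files; the sample lines, paths and output labels are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage the saved output of `rpm --verify -a`.
# Run rpm itself from trusted media, as the mail advises.
# Line format: flag string (S M 5 D L U G T, plus P on newer rpm), an
# optional file-type marker (c = config file), then the path.
# A "5" in the third flag column means the digest differs from the package.

triage_rpm_verify() {
    # Reads the file named in $1, or stdin when no argument is given.
    awk '
    {
        flags = $1
        rest = $0
        sub(/^[ \t]*[^ \t]+[ \t]+/, "", rest)      # drop the flag column
        marker = ""
        if (rest ~ /^[a-z][ \t]+\//) {             # optional type marker
            marker = substr(rest, 1, 1)
            sub(/^[a-z][ \t]+/, "", rest)
        }
        if (rest !~ /^\//) next                    # not a file line
        if (flags == "missing") { print "MISSING\t" rest; next }
        if (length(flags) < 8 || length(flags) > 9) next
        if (flags !~ /^[A-Za-z0-9.?]+$/) next
        digest = substr(flags, 3, 1)
        if (digest == "?") { print "UNREADABLE\t" rest; next }
        if (digest != "5") next                    # no digest mismatch
        if (marker == "c") next                    # edited config: expected
        if (rest ~ /\/(s?bin|lib(64)?)\//) print "BINARY-CHANGED\t" rest
        else print "CHANGED\t" rest
    }' "${1:--}"
}

# Constructed sample output (paths are illustrative, not from the thread).
sample_verify_output() {
    cat <<'EOF'
S.5....T  c /etc/inetd.conf
S.5....T    /bin/ls
S.5....T    /bin/ps
.M......    /usr/bin/passwd
missing     /usr/sbin/in.identd
..?.....    /usr/lib/libfoo.so
S.5....T    /usr/share/doc/packages/foo/README
Unsatisfied dependencies for foo-1.0-1: bar
EOF
}

sample_verify_output | triage_rpm_verify
```

On a real system the input would be the file written by the rpm command in the quoted mail, passed as the first argument.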
