On Sat, 4 Feb 2006, Carl Fink wrote:
> Once you're rooted, this is way easier and more effective than trying to fix
> things.

personally, it is 1000x easier to fix and remove the security problems
than it would be to start from step -1 reinstalls ... and spend another
week or month to harden and verify all the configs and user info
( i say, if you're "doing it right", it will take you about 3 days to a week
to harden the new box and verify it )

when you reinstall, you still cannot be guaranteed that the trojans are not
going to be restored by your reinstalls and restores from backup

- how can you guarantee that the trojans are not in the backups ?

the trick is that you know how to verify the binaries, the libraries
and the directory tree ... and can find what is NOT supposed to be there

------------

if anybody thinks reinstalling is easier... no problem, but, if you do
NOT make a backup copy of the new virgin system onto cdrom/dvd, then
you did NOT learn from that possibly compromised box

- if you have a clean cdrom/dvd, of the original machine, then you
  can always verify it in a matter of seconds that it is hacked or not
  compared to before it went on the wire

-----------

and if you know exactly how they got in ... you can close that hole
vs opening up new unknown problems by reinstalling new or old files

- you will need to know how they got in
- you will need to know when they got in
- you will need to know where they came from
- you will need to know what files they changed
- endless fun list...

- you cannot do forensics after the fact, if you have no previously
  verified and clean baseline

c ya
alvin
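Added example, not part of the message above: one way to do the baseline comparison it describes, recording type, permission bits and SHA-256 for every path in a clean tree and reporting what was added, removed or changed in the live one. The function names and the sample tree built in `demo()` are constructed for illustration.

```python
import hashlib, os, stat, tempfile

def snapshot(root):
    """Map each path under root to (type, permission bits, sha256 or link target)."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)  # lstat: record symlinks, never follow them
            mode = stat.S_IMODE(st.st_mode)  # includes setuid/setgid/sticky bits
            if stat.S_ISLNK(st.st_mode):
                entry = ("link", mode, os.readlink(full))
            elif stat.S_ISREG(st.st_mode):
                with open(full, "rb") as f:
                    entry = ("file", mode, hashlib.sha256(f.read()).hexdigest())
            else:
                entry = ("dir" if stat.S_ISDIR(st.st_mode) else "special", mode, "")
            manifest[os.path.relpath(full, root)] = entry
    return manifest

def compare(baseline, current):
    """Report what is new, missing, or different relative to the clean baseline."""
    both = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in both if baseline[p] != current[p]),
    }

def demo():
    """Constructed sample: a clean tree and a tampered copy of it."""
    with tempfile.TemporaryDirectory() as tmp:
        for side in ("clean", "live"):
            os.makedirs(os.path.join(tmp, side, "bin"))
            for name in ("ls", "ps"):
                path = os.path.join(tmp, side, "bin", name)
                with open(path, "wb") as f:
                    f.write(name.encode() + b" v1")
                os.chmod(path, 0o755)
        live_bin = os.path.join(tmp, "live", "bin")
        with open(os.path.join(live_bin, "ps"), "wb") as f:
            f.write(b"ps replaced")                       # content swapped
        os.chmod(os.path.join(live_bin, "ls"), 0o4755)    # same bytes, setuid added
        with open(os.path.join(live_bin, ".hidden"), "wb") as f:
            f.write(b"extra")                             # not in the baseline
        return compare(snapshot(os.path.join(tmp, "clean")),
                       snapshot(os.path.join(tmp, "live")))
```

Take the baseline snapshot before the machine goes on the network and keep it on read-only media; run the comparison from trusted boot media against the mounted disk, since a compromised running system can misreport its own files.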