On Tuesday, 2002/03/19 at 18:16 EST, "Truman Boyes" <[EMAIL PROTECTED]> wrote: > In the true sense of the word, > *nothing* can be trusted after a compromise.
There's been some real good advice in this thread. I was worried someone would post instructions on how to track down the ssh intruder. While that's something nice to know, it's irrelevant in this case. Even if it appears to have been a well understood attacking agent, it would be unsafe to just repair the bits that that agent is known to hit. And when reinstalling, ensure that you use distribution media that was offline or read-only when the intruder may have been present. Tony Rall _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
