Well said Glynn - there are no shortcuts at all. FORMAT and start again.


Another little trick that we use that is NOT fullproof (foolproof!)
BUT has caught ALL of our attackers so far is to select several unused IP
addresses "randomly" from the IP group that we have been allocated and
if those IP addresses are hit we lock out (DENY) the source IP address for
nominally 24 hours. Since most accounts are fake we don't really want to
upset genuine users we release them a little later manually.
There is a DoS issue here but it seems to work for us.

Be careful.
Regards,
Bruce.




>> I still can't figure out how the intruder entered my system?? Please
>> advise me on what to do to make sure my system is secure.
>
>To start with, you need to wipe the hard disk and re-install the OS
>from scratch. There *aren't* any short-cuts. There are alternatives,
>but unless you *really* know what you're doing (and if you did, you
>wouldn't be asking us) these will either:
>
>a) take longer than re-installing from scratch, or
>b) run the risk of leaving back-doors intact.
>
>Any configuration files which have been modified since installation
>need to be *carefully* examined (a single character in the right place
>can create a back door). Don't just keep the existing files.
>
>--
>Glynn Clements <[EMAIL PROTECTED]>
>-
>To unsubscribe from this list: send the line "unsubscribe linux-net" in
>the body of a message to [EMAIL PROTECTED]
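
The decoy-address tripwire described in the reply above, replayed over a constructed log; this is an added example and not part of the original message. The log format, all addresses, the automatic expiry, and the `NEVER_BLOCK` allowlist and `MAX_ACTIVE` cap are assumptions, the last two being one way to limit the DoS issue the message mentions.

```python
import ipaddress
from datetime import datetime, timedelta

# All addresses are constructed (documentation ranges), not from the original post.
DECOYS = {"192.0.2.17", "192.0.2.93", "192.0.2.201"}      # allocated but unused IPs
NEVER_BLOCK = [ipaddress.ip_network("198.51.100.0/28")]   # hosts a lockout must not hit
BLOCK_FOR = timedelta(hours=24)
MAX_ACTIVE = 1000   # bound the deny table: forged sources can trip the decoys
# Constructed firewall log in an assumed format: "<ISO time> SRC=<ip> DST=<ip> ..."
SAMPLE_LOG = """\
2024-05-01T10:00:03 SRC=203.0.113.77 DST=192.0.2.93 PROTO=TCP DPT=23
2024-05-01T10:00:04 SRC=203.0.113.77 DST=192.0.2.201 PROTO=TCP DPT=23
2024-05-01T10:05:00 SRC=198.51.100.3 DST=192.0.2.17 PROTO=UDP DPT=161
this line is truncated SRC=
2024-05-02T10:00:05 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=80
2024-05-02T11:00:00 SRC=203.0.113.200 DST=192.0.2.17 PROTO=TCP DPT=22
"""

def parse(line):
    """Return (time, source, destination); raise ValueError/KeyError on bad lines."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields if "=" in f)
    return (datetime.fromisoformat(ts), ipaddress.ip_address(kv["SRC"]),
            str(ipaddress.ip_address(kv["DST"])))

def process(lines):
    """Replay log lines; return (active deny table, list of decisions)."""
    blocked, events = {}, []            # blocked: source IP -> expiry time
    for line in lines:
        try:
            ts, src, dst = parse(line)
        except (ValueError, KeyError):
            continue                    # unparseable line: never block on a guess
        for ip in [ip for ip, exp in blocked.items() if exp <= ts]:
            del blocked[ip]             # the nominal 24 hours have passed
            events.append(("RELEASE", ip))
        if dst not in DECOYS or str(src) in blocked:
            continue                    # normal traffic, or source already denied
        if any(src in net for net in NEVER_BLOCK):
            events.append(("SKIP-ALLOWLISTED", str(src)))
        elif len(blocked) >= MAX_ACTIVE:
            events.append(("SKIP-TABLE-FULL", str(src)))
        else:
            blocked[str(src)] = ts + BLOCK_FOR
            events.append(("DENY", str(src)))
    return blocked, events

if __name__ == "__main__":
    for action, ip in process(SAMPLE_LOG.splitlines())[1]:
        print(action, ip)
```

The decisions are only recorded here; turning a `DENY` or `RELEASE` into an actual firewall rule is left to whatever packet filter the site runs.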


