On Tue, Jan 08, 2002 at 10:51:44PM +0000, David Cantrell wrote:
> On Tue, Jan 08, 2002 at 08:19:09PM +0000, Chris Benson wrote:
> > On Tue, Jan 08, 2002 at 07:10:55PM +0000, David Cantrell wrote:
> > > On Tue, Jan 08, 2002 at 08:42:49AM -0500, Andy Williams wrote:
> > > > Can anyone think of anything else?
> > > Once a machine has been rooted you can not trust it. Wipe it, reinstall
> > > from scratch or from known-good backups.
> > Amen.
>
> I did miss out one crucial step - take an image of the disk so you can
> analyse it in the safety of either an un-networked machine or at least
> a tool like Virtual PC or VMware, firewalled to buggery and back. It
> can be very educational.

Or take it to the next defcon and give it to one of the goons to be
distributed in the CTF match.

P