James Knott wrote:
David Bolt wrote:
On Mon, 21 Jan 2008, Joe Sloan wrote:-

<snip>

Yes, I remember dealing with some similar worms on Linux servers - the
difference being, if a Linux system gets a worm, you install the
security upgrade from the vendor, clean up the files left behind by the
worm (which will typically be found only in world writable areas), and
life goes on, without a reboot, and perhaps a momentary interruption in
service while the daemon is reloaded.

You'd trust that method of cleaning a system? If only life were so
simple.

If a Windows web server gets a worm, game over. Wipe the box and
reinstall. At least that's what my MCSE friends tell me.

I'd apply the same logic to a Linux server as well. The reason being
that if a worm is able to install on the server using root privileges,
there's no way to know just what else has been installed by it without
performing some form of forensic work on the installation, and has to be
done using tools from outside the.

Why would a server be running root privileges?

Webmasters who recently migrated from Lose-DOS and new to
Linux oftentimes wouldn't even realize that such a thing
could be done.
let alone



