You did not mention an operating system. That makes a difference when you
get into details.

Rules:

A. Never load a box while it is connected to the network, if you can help
it. It could be exploited before you can get the patches in. I've seen boxes
exploited in less than two minutes. That was just plain bad luck, but don't
you always go back to that fishing hole where you caught them before?
They'll automate scanning of that subnet and root you with a script.
B. Once the OS is loaded, the first software you should load is a good
AntiVirus. It may slow down the rest of the install, but at least you can be
reasonably sure you aren't infecting yourself while you do it.
C. Never load the patches from the network, if you can help it. Download
them on a hardened machine and burn them to CD. Load from that.
D. Before you ever connect to the internet, but after you have loaded all
your favorite software, image or back up the disk. Don't you hate loading
software, AVs, and OSes? I sure do.

Suggestions:
- If the disk is suspected of having been virii'd or trojaned, low-level
format it at the least before you reinstall. Run a KO or DiskWipe on it.
Kill that thing. On a Win9x load, I once had Monkey.B drive me crazy. I'd
fdisk the drive, blow away the partitions, fdisk /mbr it, rebuild the
partitions, and it'd still have Monkey.B. Monkey.B was sitting memory
resident, and when I'd go to shut down, it'd reinfect the boot sector. Fix?
Make the disk non-bootable, reboot, and then make it bootable.
- Don't use easy passwords. Get downright ugly with the root or
administrator password. Make it long and ugly. In MS systems, don't spend too
much time changing the admin account name. They'll know which accounts are
which anyway.

How to find out you've been breached?
1. Some sort of personal firewall reporting strange outbound connection
attempts.
2. Sniffing your outbound.
3. Logs from your corporate firewall which blocked your outbound.
4. Your newly updated AV starts making rude noises at you and depicts
captured vermin.
5. Your friends and relatives start sending you death threats for infecting
them with your damned party pictures.
6. Your Tripwire-like software sees file size changes.
7. You run a port scanner and find you are listening on ports you should not
be.


D. Weiss
MCSE/CCNA/SSP2
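Items 6 and 7 of the list above rely on a known-good baseline taken before the box ever touches the network (rule D). The following is an added example, not code from the original post: a small Tripwire-like baseline in Python that records size and SHA-256 for every file under a directory and reports what was added, removed or changed. All function names are hypothetical, and the directory layout in `demo()` is constructed inline. It goes one step past the post by hashing content as well as size, because a replacement file of identical size would slip past a size-only check.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Hypothetical helper names chosen for this example; nothing here is from the thread.


def hash_file(path, chunk_size=65536):
    """SHA-256 of a file, read in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Record size and SHA-256 of every regular file under root, keyed by relative path."""
    root = Path(root)
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            rel = path.relative_to(root).as_posix()
            baseline[rel] = {"size": path.stat().st_size, "sha256": hash_file(path)}
    return baseline


def save_baseline(baseline, dest):
    """Write the baseline as JSON; keep this copy off the box (e.g. on the CD from rule C)."""
    Path(dest).write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(src):
    return json.loads(Path(src).read_text())


def compare(baseline, current):
    """Return added, removed and changed paths.

    'changed' catches content changes even when the size is identical,
    which is why the hash is stored alongside the size.
    """
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in set(baseline) & set(current) if baseline[p] != current[p])
    return {"added": added, "removed": removed, "changed": changed}


def demo():
    """Constructed scenario: baseline a tree, then simulate a same-size replacement,
    a deleted file and an unexpected new file, and report the differences."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        (root / "bin" / "login").write_bytes(b"original login program\n")
        (root / "etc" / "hosts").write_bytes(b"127.0.0.1 localhost\n")
        (root / "etc" / "motd").write_bytes(b"welcome\n")

        save_baseline(build_baseline(root), root / "baseline.json")
        baseline = load_baseline(root / "baseline.json")
        (root / "baseline.json").unlink()  # the stored copy lives elsewhere in practice

        # Same byte length as the original: a size-only check would not notice.
        (root / "bin" / "login").write_bytes(b"trojaned login program\n")
        (root / "etc" / "motd").unlink()
        (root / "bin" / "sh.new").write_bytes(b"unexpected new file\n")

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run it once right after the clean install to produce the baseline, store that JSON somewhere the box cannot modify, and re-run `compare()` periodically; the `changed` list in `demo()` shows the same-size replacement being caught by the hash.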




-----Original Message-----
From: Enquiries [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 29, 2002 10:04 PM
To: [EMAIL PROTECTED]
Subject: a few basic simple questions


Dear Group

How do you know when you are infected by a trojan or someone has control of
your pc from a backdoor?

Is it when your Windows updates always continuously refuse to update from
the Microsoft site, including the ever popular critical updates to patch
security holes?
When trying to update IE from Microsoft it does not work?
When you discover every so often that the hard drive when wiped clean
suddenly becomes a 1gb hard drive instead of a 20 gb hard drive - has
happened several times to me?
When the firewall (ZoneAlarm) every so often is disabled while surfing?
Other strange happenings...

How does one detect what the problem is and cure it, especially when you are
a beginner?  If using a trojan to fight a trojan to cure the problem, how
do you know which ones to trust, as I have found there seems to be a lot
of programmes out there saying they can find this, that and the other, but
what if it is something really specialised?

Thaque


