Re: BIND exploited ?
On Fri Jan 04, a day that will live in infamy, Russell Coker wrote:
> On Fri, 4 Jan 2002 03:16, Thedore Knab wrote:
> > Where do I go from here ?
> Buy new hard drives, install them and install the latest version of your
> favourite distribution and configure it in a secure fashion. Make sure that
> all passwords are different.
> Trying to remove root-kits etc might be fun if you're running a "honeypot"
> system, but if you are running a business or some other organization that has
> aims other than playing with Linux machines then a complete re-install is the
> best option. Otherwise you'll just end up playing cat-and-mouse with the
> cracker, and they'll probably start randomly deleting data files when they
> start losing.

Is it really necessary to buy new hard drives? Is there a reason why
he can't just reformat his current drives before reinstalling?

btw, I'd work under the assumption that those *snif* programs actually
were functional password sniffers. This means that anyone whose
passwords could have possibly been captured needs to change their
passwords (in the meantime you could try to find out if you can locate a
capture file on the compromised system). And if a user's email
password could have been captured, don't send him an email informing
him of this fact ;).