
Re: BIND exploited ?



On Fri Jan 04, a day that will live in infamy, Russell Coker wrote:
> On Fri, 4 Jan 2002 17:54, Andy Bastien wrote:
> > On Fri Jan 04, a day that will live in infamy, Russell Coker wrote:
> > > On Fri, 4 Jan 2002 03:16, Thedore Knab wrote:
> > > >  Where do I go from here ?
> > >
> > > Buy new hard drives, install them and install the latest version of your
> > > favourite distribution and configure it in a secure fashion.  Make sure
> > > that all passwords are different.
> >
> > Is it really necessary to buy new hard drives?  Is there a reason why
> > he can't just reformat his current drives before reinstalling?
> 
> Sure he can, if he wants to lose the evidence of what happened and lose the 
> possibility to hand the drives over to law enforcement officials (which may 
> be demanded of him even if he doesn't want it in the case that his machine 
> was used to attack others).

Good point!  Having never dealt with the fuzz after being compromised,
I have to ask what you would do if your server is a file server with
lots of big, expensive drives where a company might not be able to
afford replacing them all?  Would they be happy with backups (keeping
in mind that any tools used to back up the server might no longer be
trustworthy)?  How about disk images (made with dd, or something
similar) of the drives that contain the system stuff?



