Re: was I cracked? (rpc.statd, new version)

To: Stig Brautaset <stig@brautaset.org>
Cc: Alvin Oga <aoga@mail.linux-consulting.com>, Lukas Eppler <lukas.eppler@tempobrain.com>, debian-security@lists.debian.org
Subject: Re: was I cracked? (rpc.statd, new version)
From: Alvin Oga <aoga@Mail.Linux-Consulting.com>
Date: Wed, 11 Jul 2001 19:49:34 -0700 (PDT)
Message-id: <[🔎] Pine.LNX.3.96.1010711194532.23526A-100000@Maggie.Linux-Consulting.com>
In-reply-to: <[🔎] 87bsmrnkd9.fsf@arwen.fsnet.co.uk>

hi ya stig...

yes... that too...

but i think that one should do some checking/digging
BEFORE reinstalling ...

- one should know how they got in...
- one should know "why" they got in..
- one should know what time they got in...
- one should know what files they added and which was modified
- one should know "how to prevent it" the next time
- one should know if they got into any other pcs on the lan

- than reinstall it if needed
	- and more importantly... apply all the patches

but i consider a reinstall the equivalent of a windoze reboot
unless the above major issues are answered first or at least
attempted to look at what happen first... than re-install and patch

c ya
alvin

On 11 Jul 2001, Stig Brautaset wrote:

> > you have to check the filesize of the binaries... not just the date...
> > compared to one that you know is NOT compromized...
> > 	and if you really paranoid...run some tests on it..
> > 
> 
> No, if you really are paranoid you just reinstall it.
> 
> 
> Cheers, Stig
> -- 
>  23:58:03 up 11 days, 17:25,  3 users,  load average: 0.01, 0.03, 0.00
>

Reply to:

References:
- Re: was I cracked? (rpc.statd, new version)
  - From: Stig Brautaset <stig@brautaset.org>

Prev by Date: Re: was I cracked? (rpc.statd, new version)
Next by Date: Re: was I cracked? (rpc.statd, new version)
Previous by thread: Re: was I cracked? (rpc.statd, new version)
Next by thread: Re: was I cracked? (rpc.statd, new version)
Index(es):
- Date
- Thread