On Sun, May 25, 2003 at 05:58:16PM -0400, David B Harris wrote:
> On Sun, 25 May 2003 13:04:30 -0500
> Jayson Vantuyl <kagato@souja.net> wrote:
> > We have no idea how he's getting in, but we've got his rootkit fairly
> > nailed down (he uses a few slightly different ones).
>
> Good god man! Include them in your post. There may be a new, unknown
> vulnerability. Not to mention that people will be able to tell you
> exactly what the rootkits do.

Maybe following the steps described in "Chapter 10 - After the compromise (incident response)" [1] of the Securing Debian Manual is best. I think he might also get good answers if he posts this information to the security-incidents mailing list [2] (maybe with a cross-post to this list too).

Regards

JAvi

[1] http://www.debian.org/doc/manuals/securing-debian-howto/ch-after-compromise.en.html
[2] http://securityfocus.com/archive/75