Re: Compromised system - still ok?

On Mon, 7 Feb 2005, Bernd Eckenfels wrote:

> In article <Pine.LNX.3.96.1050206165845.12860A-100000@Maggie.Linux-Consulting.com> you wrote:
> > you can reinstall AFTER you can answer all the above questions
> > or give up and give the point to the script kiddie cracker
> No, you make an image, reinstall, and if you have time (ie. you normally
> don't) then you can start the forensics.

yes about making an image ... i assume you mean
	- take the box down,
		- i hate taking the box down, as you can lose
		valuable info in its memory

	- i'd "re-install" into a new disk and leave the cracked one alone
	( disks are super cheap )
		- i would not reinstall on the cracked disk
		as it can have hidden filesystems

	- for forensics.. use a good cd or build a custom disk
	with a lot of fun forensics on it and fiddle till one finds
	all the answers :-0

after small or big cracking, one always has to make time, and
take more preventative measures vs spending time on forensics
unless you wanna lock um up :-) 

fun stuff

c ya

