[nSLUG] computer compromised

Renouf, Phillip prenouf at Mobility.com
Thu May 2 15:04:24 ADT 2002


Sure, but don't try and recover from it. The system needs to be unplugged
and rebuilt. If you want to pop the HD out and keep it for forensics etc.
then that is great.
 
Phil

-----Original Message-----
From: Jeff White [mailto:Jeff.White at Q9.com] 
Sent: Thursday, May 02, 2002 12:55 PM
To: 'nslug at nslug.ns.ca'
Subject: RE: [nSLUG] computer compromised



Don't blow the box away, learn from it. 

; jeff, jeff at q9.com, www.q9.com 
; there are two errors in in this signature 


-----Original Message----- 
From: Renouf, Phillip [mailto:prenouf at Mobility.com] 
Sent: Thursday, May 02, 2002 9:43 AM 
To: 'nslug at nslug.ns.ca' 
Subject: RE: [nSLUG] computer compromised 


You need to blow this box away and start from scratch. You will never know 
if you have gotten all the backdoors, trojans, hacked programs and holes 
that this guy used/installed. Start from scratch with an up to date distro 
and apply every stinking security related patch you can find. Disable 
anything you don't use and go from there. 

Phil 

> -----Original Message----- 
> From: Miller [mailto:millerb at hfx.eastlink.ca] 
> Sent: Wednesday, May 01, 2002 9:45 PM 
> To: Nslug (E-mail) 
> Subject: [nSLUG] computer compromised 
> 
> 
> I was wondering if anyone could help or knows of a script or program called 
> sshdu. I don't think it's part of "shadow-utils", or is it a script to run 
> alongside shadow? My intruder was very busy. I have been trying to follow his 
> footsteps and disarm the programs that I find. I would hate to reinstall 
> over them. 
> I have followed some of the IP addresses that were left. Should I notify 
> them that they too may have been compromised???????? 
> 
> Thanks, Barry 
> 
> _______________________________________________ 
> nSLUG mailing list 
> nSLUG at nslug.ns.ca http://nslug.ns.ca/cgi-bin/mailman/listinfo/nslug 
> 