Date: Fri, 6 Nov 1998 09:10:30 -0800 From: Sean Harding <sharding@gutenberg.uoregon.edu> To: "Alexander B. Povolotsky" <tarkhil@synchroline.ru> Cc: mwlucas@exceptionet.com, freebsd-security@FreeBSD.ORG Subject: Re: *huge* setuid diffs Message-ID: <Pine.SGI.4.02.9811060908460.14551-100000@gutenberg.uoregon.edu> In-Reply-To: <199811061419.RAA01848@enterprise.sl.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 6 Nov 1998, Alexander B. Povolotsky wrote: > *IMMEDIATLY* shut down both server and do not bring them to Internet until > you'll found the reason. Actually, I recommend pulling it off the network, but not shutting it down. If you have had an intrusion, shutting it down will destroy much of the evidence (running processes, etc). You'll have a much harder time determining what has been done. sean -- Sean Harding sharding@oregon.uoregon.edu|"Remember how it all began http://gladstone.uoregon.edu/~sharding/ | The apple and the fall of man" Consulting: http://www.efn.org/~seanh/ | --Natalie Merchant To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SGI.4.02.9811060908460.14551-100000>