Date:      Thu, 19 Apr 2001 12:39:15 +0300
From:      Peter Pentchev <roam@orbitel.bg>
To:        Dag-Erling Smorgrav <des@ofug.org>
Cc:        "David G. Andersen" <dga@pobox.com>, Kris Kennaway <kris@obsecurity.org>, fukuda shinichi <fukuda@alles.ad.jp>, freebsd-security@FreeBSD.ORG
Subject:   Re: unknown process
Message-ID:  <20010419123915.A446@ringworld.oblivion.bg>
In-Reply-To: <xzpzodd6xsh.fsf@flood.ping.uio.no>; from des@ofug.org on Thu, Apr 19, 2001 at 11:31:26AM +0200
References:  <200104190324.VAA14081@faith.cs.utah.edu> <xzpzodd6xsh.fsf@flood.ping.uio.no>

On Thu, Apr 19, 2001 at 11:31:26AM +0200, Dag-Erling Smorgrav wrote:
> "David G. Andersen" <dga@pobox.com> writes:
> > You've been hacked.  Do what Kris said immediately - take your
> > system offline, and figure out how they got in.  You'll likely
> > need to either restore from backups, a fresh install, or check
> > your tripwire/etc logs to determine what else the intruder
> > changed, if they installed a rootkit, etc.
> 
> It's not either/or.  The only acceptable solution to this situation is
> a complete reinstall from a trusted source (e.g. original CD set).

..and during the install, examine your backups - people have been known
to restore systems from backup, only to find out that the intrusion had
happened *before* the backup; sometimes there are months and months of
accurately backed up backdoors and stuff.

G'luck,
Peter

-- 
Thit sentence is not self-referential because "thit" is not a word.
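
The backup check discussed in this message, as an added example that is not part of the original e-mail: it hashes the system binaries in each backup generation, compares them with hashes taken from trusted install media, and reports the newest generation that predates the first mismatch. The function names, directory layout and generation labels are assumptions, and the sample trees are constructed.

```python
import hashlib
import os
import tempfile

def hash_tree(root):
    """Map relative path -> SHA-256 digest for each regular file under root."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # never follow symlinks out of the backup tree
            with open(full, "rb") as fh:
                digests[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def audit_backups(baseline, generations):
    """baseline: path -> digest from trusted media.
    generations: (label, root) pairs, oldest first, holding only system binaries.
    Returns (last_clean_label, findings)."""
    findings, last_clean, tainted = {}, None, False
    for label, root in generations:
        bad = []
        for path, digest in sorted(hash_tree(root).items()):
            if path not in baseline:
                bad.append((path, "not on trusted media"))
            elif baseline[path] != digest:
                bad.append((path, "differs from trusted media"))
        findings[label] = bad
        if bad:
            tainted = True          # everything from here on is suspect
        elif not tainted:
            last_clean = label      # still before the first sign of tampering
    return last_clean, findings

def demo():
    """Constructed sample: trusted media plus three monthly backup generations."""
    top = tempfile.mkdtemp()
    def make(name, files):
        root = os.path.join(top, name)
        for rel, data in files.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return root
    clean = {"bin/ls": b"ls-v1", "sbin/init": b"init-v1"}
    trojaned = {**clean, "bin/ls": b"ls-backdoored", "sbin/.hidden": b"x"}
    gens = [("2001-02", make("b1", clean)), ("2001-03", make("b2", trojaned)),
            ("2001-04", make("b3", trojaned))]
    return audit_backups(hash_tree(make("media", clean)), gens)

if __name__ == "__main__":
    print(demo())
```

A generation that looks clean after a tainted one is deliberately not counted as clean, since the comparison covers only files present on the install media.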
