On Tuesday 23 August 2005 12:57, Alvin Oga wrote:
> personally... i think any hacked machine should be looked over
> carefully to be able to answer the following:
> - who broke in
> - how did they get in
> - why did they break in ( sometimes there's no answer )
> - where they came from
> - how many times did they come in
> - how many prev attempts did they try
> - how long before you noticed them
> - what other machines did they break into
>   ( esp for those of you that like passwordless logins )
> - what text files were read or edited
> - which binaries and libraries did they modify
> - what extra directories and files exists
> - what did they sniff and for how long ( passwds )
> - .. endless list ..

Nice... can you also provide some info on how to find answers to these questions? This would be very useful... just in case. :)

Cheers
Arne
--
Arne Götje (高盛華) <[EMAIL PROTECTED]>
(Spam catcher. Address might change in future!)
PGP/GnuPG key: 1024D/685D1E8C
Fingerprint: 2056 F6B7 DEA8 B478 311F 1C34 6E9F D06E 685D 1E8C
Key available at wwwkeys.pgp.net.
Encrypted e-mail preferred.