attack 2

jludwig wralphie at comcast.net
Wed May 11 21:51:10 UTC 2005


On Tuesday 10 May 2005 09:41 pm, Leonard Isham wrote:
> On 5/10/05, roland brouwers <roland at cat.be> wrote:
> > Hello everyone,
> >
> > Panic...
> >
> > I noticed accepted passwords for different users, such as root, myself
> > and another one, coming from outside:::ffff:213.219.168.50
> >
> > How is that possible?
> > Can I detect somehow what he/she did?
> >
> > In the mean time I changed passwords.
>
Changing passwords now does nothing.

> The only way to guarantee that the system is no longer compromised is
> to reload the OS.
>
I'll have to agree. 
> --
> Leonard Isham, CISSP
> Ostendo non ostento.

The only issue would be data and files needed and irreplaceable S.A. work 
files, letters, journals, etc., but, no executables bin, script, config 
files, etc. All these may well have been downloaded by the cracker.

Scan them before and after removal (put them on a cdrom, tape, or the like 
mass storage unit). Reload them only as needed and as you can verify their 
cleanness.

It would be better if you could declare the system a total loss.
-- 
John H Ludwig

Common sense is so rare, why do they call it common!!!
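
Added example, not part of the original message: a Python sketch of the salvage step described above, keeping only plain data files, skipping executables, scripts and config files, and recording a SHA-256 manifest so the copy on removable media can be checked again before anything is reloaded. The extension list, the dotfile rule and all function names are assumptions of this example, and it is meant to be run from a clean system against the mounted disk of the compromised one.

```python
import hashlib
import os
import stat

# Assumption (not from the post): extensions treated as scripts or config files.
CODE_EXT = {".sh", ".pl", ".py", ".php", ".cgi", ".so", ".ko", ".conf", ".cfg", ".ini"}

def reject_reason(path, root):
    """Return why a file must not be carried over, or None if it looks like plain data."""
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode):
        return "not a regular file"  # symlinks, devices, sockets, FIFOs
    if st.st_mode & (stat.S_ISUID | stat.S_ISGID | 0o111):
        return "executable or setuid/setgid bit set"
    rel = os.path.relpath(path, root)
    if any(part.startswith(".") for part in rel.split(os.sep)):
        return "dotfile or dot-directory (shell/ssh config)"
    if os.path.splitext(path)[1].lower() in CODE_EXT:
        return "script or config extension"
    with open(path, "rb") as fh:
        if fh.read(4).startswith((b"\x7fELF", b"#!")):
            return "ELF or shebang header"
    return None

def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def triage(root):
    """Return (keep, skipped): keep maps relpath -> SHA-256, skipped maps relpath -> reason."""
    keep, skipped = {}, {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            why = reject_reason(path, root)
            if why:
                skipped[rel] = why
            else:
                keep[rel] = sha256_of(path)
    return keep, skipped

def changed_since(manifest, root):
    """Relpaths whose content under root no longer matches the manifest."""
    def same(rel):
        path = os.path.join(root, rel)
        return os.path.isfile(path) and sha256_of(path) == manifest[rel]
    return sorted(rel for rel in manifest if not same(rel))
```

The triage only decides what is eligible to be kept; files in `keep` still need the scan the message calls for, since a document can carry hostile content without being an executable.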
