attack 2

jludwig wralphie at
Wed May 11 21:51:10 UTC 2005

On Tuesday 10 May 2005 09:41 pm, Leonard Isham wrote:
> On 5/10/05, roland brouwers <roland at> wrote:
> > Hello everyone,
> >
> > Panic...
> >
> > I noticed accepted passwords for different users, such as root, myself
> > and another one, coming from outside:::ffff:
> >
> > How is that possible?
> > Can I detect somehow what he/she did?
> >
> > In the mean time I changed passwords.
Changing passwords now does nothing.

> The only way to guarantee that the system is not longer compromised is
> to reload the OS.
I'll have to agree. 
> --
> Leonard Isham, CISSP
> Ostendo non ostento.

The only issue would be data and files needed and irreplaceable S.A. work 
files, letters, journals, etc., but, no executables bin, script, config 
files, etc. All these may well have been downloaded by the cracker.

Scan them before and after removal (put them on a cdrom, tape, or the like 
mass storage unit. Reload them only as needed and as you can verify their 

It would be better if you could declare the system a total loss.
John H Ludwig

Common sense is so rare, why do they call it common!!!

More information about the users mailing list