Infrastructure status, 2008-08-16 UTC 1530
max bianco
maximilianbianco at gmail.com
Sun Aug 17 19:59:38 UTC 2008
On Sun, Aug 17, 2008 at 8:36 AM, Matthew Miller <mattdm at mattdm.org> wrote:
> On Sat, Aug 16, 2008 at 11:09:09PM -0400, max wrote:
>>> I wondered that, too. The original posting was too vague. You can't
>>> tell if they're just fixing a fault, or sorting out an attack.
>> Assume the latter and act accordingly.
>
> Like, how? Quick, switch everything to another distro? We don't know enough
> to act reasonably.
>
Like keep your eyes open for anything unusual at the least. Do a
little packet sniffing just to see if there is any unusual traffic...I
mean take sensible precautions, run chrootkit and rkhunter, run clam,
obviously you aren't going to blow away boxes on a whim but it pays to
be aware of what transpires on your network. I thought that is what
sysadmins were suppossed to do, be aware of what's going on with the
network.
-Max
More information about the users
mailing list