On Fri, Apr 11, 2008 at 11:13 AM, Les <hlhowell@xxxxxxxxxxx> wrote: > On Fri, 2008-04-11 at 02:06 -0600, Frank Cox wrote: > > On Fri, 11 Apr 2008 08:53:35 +0100 > > Alan Cox <alan@xxxxxxxxxxxxxxxxxxx> wrote: > > > > > you can usually recover a box pretty trivially. > > > > The problem, though, is that you can never really KNOW that everything is back > > in order. After someone has root and the run of your machine, he can do > > whatever he likes. You say that you found four exploits installed? What if > > there's really five? Or six? Or... > > > > I firmly believe that the only realistic way to deal with an intrusion of that > > nature is a full nuke and re-pave. > > > > -- > I'll second that. Having been rootkitted once, I can tell you that it > is no small matter if the attacker is sophisticated, and desires to do > you great harm. I finally had to replace the harddrive. I never did > isolate all the issues, and even formatting didn't seem to put it back > in order. I have no idea why I was targeted, or if it was a storm that > I got into by some blunder on the keyboard, but my system was hosed (of > course it was Windows). > > Regards, > Les H > One of the best and most quoted lines I have heard is (paraphrased) " look dude the worm aint smart enough to know your network is uninteresting, it just does its thing". The other thing alot of people don't seem to realize is that you call it a "virus" but its just a program like any other. I find that a great many people (i'm not necessarily refering to people who subscribe to this list) think viruses are different or special somehow, they are programs just like any other except they aren't trying to make "your" life easier. Max
