On Fri, 2008-04-11 at 02:06 -0600, Frank Cox wrote:
> On Fri, 11 Apr 2008 08:53:35 +0100
> Alan Cox <alan@xxxxxxxxxxxxxxxxxxx> wrote:
>
> > you can usually recover a box pretty trivially.
>
> The problem, though, is that you can never really KNOW that everything is back
> in order. After someone has root and the run of your machine, he can do
> whatever he likes. You say that you found four exploits installed? What if
> there's really five? Or six? Or...
>
> I firmly believe that the only realistic way to deal with an intrusion of that
> nature is a full nuke and re-pave.
>
> --

I'll second that. Having been rootkitted once, I can tell you that it is no small matter if the attacker is sophisticated, and desires to do you great harm. I finally had to replace the hard drive. I never did isolate all the issues, and even formatting didn't seem to put it back in order.

I have no idea why I was targeted, or if it was a storm that I got into by some blunder on the keyboard, but my system was hosed (of course it was Windows).

Regards,
Les H