Can You Interpret This Hacker's Script?

Dave Smith dave at thesmithfam.org
Thu Oct 1 13:00:40 MDT 2009


Mike Lovell wrote:
> Stuart Jansen wrote:
>   
>> On Thu, 2009-10-01 at 12:21 -0600, Kimball Larsen wrote:
>>   
>>     
>>> I also ran chkrootkit and rkhunter - both came back clean, so I don't  
>>> think the box has been p0wn3d.
>>>     
>>>       
>> As always, you have to ask yourself how lucky you feel. While this might
>> appear to be clumsy and failed attack, what you've found so far could
>> just be a diversion.
>>
>> The old advice "the only way to be sure is to reinstall" still applies.
>> If this is a personal server, it might not be worth it. If this box is
>> on a privileged part of your work network, or has sensitive data, it's
>> definitely worth being sure. 

Yet another reason to use virtualization and have a good way to redeploy 
your VM (using puppet, cobbler, or the like). You can roll back or just 
redeploy with minimal effort if a box gets compromised.

--Dave



More information about the PLUG mailing list