Compromised Machine
MKlinke
mklinke at axsi.com
Wed Sep 22 18:56:28 UTC 2004
On Wednesday 22 September 2004 13:31, Brian D. McGrew wrote:
> 3) Short of reinstalling the system, how can I tell what was
> done and go about fixing it? I know a reinstall would of course
> do it; and in the case of this machine we've only changed one
> line of one file otherwise it's a stock install.
>
The best advice anyone can give you is to re-install, especially
since it's bone stock. As for the forensics, take a look at the
last project listed here as it sounds like something you'd be
interested in reading:
http://project.honeynet.org/misc/chall.html
Regards, Mike Klinke
More information about the redhat-list mailing list