Compromised Machine

MKlinke mklinke at axsi.com
Wed Sep 22 18:56:28 UTC 2004


On Wednesday 22 September 2004 13:31, Brian D. McGrew wrote:
 
> 3)  Short of reinstalling the system, how can I tell what was
> done and go about fixing it?  I know a reinstall would of course
> do it; and in the case of this machine we've only changed one
> line of one file otherwise it's a stock install.
>
 
The best advice anyone can give you is to re-install, especially 
since it's bone stock. As for the forensics, take a look at the 
last project listed here as it sounds like something you'd be 
interested in reading:

http://project.honeynet.org/misc/chall.html

Regards, Mike Klinke




