[Wolves] help - think I've been hacked

wolves@mailman.lug.org.uk wolves at mailman.lug.org.uk
Fri Jul 18 16:37:13 2003


Oops. Sounds like you've not planned for this too much?

If you have no "recorded state" of the system (be that full
backups, or tripwire-like databases) then you cannot check
the integrity of the system.

If you don't know when the problem started then you cannot
restore from full backups anyway.

You'll do best to re-install everything from scratch on all
machines on the subnet - or hire a security specialist to
forensically examine the boxes themselves and choose what is
best to do.

Whatever you do, don't do nothing and hope it goes away.
Even if this is not an actual break-in then consider
yourself lucky to have this wake-up call - you need to make a
disaster recovery plan.

What exactly was the problem that led you to think you have
been successfully attacked?

bambam

--
There is absolutely no warranty for GDB.  Type "show warranty" for details.

On Thu, 17 Jul 2003, Jayne Heger wrote:

>
> well, the subject line says it all.
> But how do I determine this to be true, what steps should I take to make
> 100% sure I have been hacked, what should I check etc....
> to be honest I'm a bit panicky and can't think straight ATM.
>
> If anyone can help me I'd be grateful ;)
>
> Jayne
>