[EMAIL PROTECTED] (Dimitri Maziuk) writes:

> > I can easily agree with the above, emphasizing the "if" clause on top
> > of it. You do not want to wipe away your computer and spend a good
> > amount of time rebuilding it unless you _believe_ it has been rooted.
> > That's why you unplug it (to begin with) and carefully check the
> > contents of its hard disk(s) using a known good system, possibly using
> > another computer altogether to do the check.
> >
> > THEN you wipe the compromised system away and reinstall it...

Bootable CDs are jolly useful for this.

> "I can easily agree with the above, emphasizing the "if" clause". ;) If
> you're good at hunting down r00tkits, and the server is not critical,
> then yes. Besides, it's a good learning experience. If you want the
> server back on-line ASAP, wipe and reinstall is usually faster.

One possible compromise, which should probably be happening anyway: take
an archive copy for your forensics and/or as a last-minute backup before
the wipe. That can probably be done quickly enough to fit the wipe &
reinstall route.

~Tim
--
That morning dawn, with no regrets |[EMAIL PROTECTED]
We stood in line, we laughed       |http://spodzone.org.uk/
In silhouette                      |
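The two steps the thread describes, imaging the suspect disk before the wipe and checking its contents from a known-good system, as an added example that is not part of the original thread or anyone's posted code. It is a POSIX sh script meant to be run from a bootable live CD with the suspect disk attached (never from the compromised OS). It assumes `dd`, `tee`, `comm` and either `sha256sum` or `shasum` are on the live medium; every device path and file name in it is hypothetical, and the baseline manifest must come from a clean system of the same release, not from the suspect disk.

```shell
#!/bin/sh
# Added example, not code from the original thread. Run from a known-good boot
# medium with the suspect disk attached. All paths here are hypothetical.
set -eu

# sha256 of a file (or of stdin when given "-"), portable across coreutils and
# BSD/macOS (shasum).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# image_disk SRC DEST: sector-level copy of SRC (a block device, or in the
# self-test a plain file standing in for one) into the file DEST, hashed in the
# same pass so a dying disk is read only once, then re-hashed from DEST and
# recorded in DEST.sha256 as the chain-of-custody manifest. dd rather than
# cp/rsync so slack and unallocated space, where deleted rootkit files may still
# live, are preserved. bs=512 always divides a device's size, so conv=sync
# (zero-fill unreadable sectors) never pads the tail; conv=noerror continues
# past bad sectors instead of aborting. dd's stderr goes to DEST.dd.log.
image_disk() {
    src=$1; dest=$2
    src_hash=$(dd if="$src" bs=512 conv=noerror,sync 2>"$dest.dd.log" \
               | tee "$dest" | sha256_of -)
    img_hash=$(sha256_of "$dest")
    if [ "$src_hash" != "$img_hash" ]; then
        echo "image_disk: image does not match source ($src_hash != $img_hash)" >&2
        return 1
    fi
    printf '%s  %s\n' "$img_hash" "$dest" >"$dest.sha256"
}

# mount_suspect_ro DEV MNT: mount a partition device or filesystem image
# read-only, with no exec/suid/dev, so inspection cannot run the suspect
# binaries or touch its timestamps. Linux mount; needs root; not exercised by
# the self-test.
mount_suspect_ro() {
    mount -o ro,noexec,nosuid,nodev "$1" "$2"
}

# make_manifest ROOT: sha256sum-format manifest of every regular file under
# ROOT (paths relative to ROOT). Generate it on the KNOWN-GOOD root: a fresh
# install of the same release, never the suspect tree itself.
make_manifest() {
    (cd "$1" && find . -type f | LC_ALL=C sort | while IFS= read -r f; do
        printf '%s  %s\n' "$(sha256_of "$f")" "$f"
    done)
}

# check_tree ROOT MANIFEST: compare the (read-only mounted) suspect ROOT against
# the baseline MANIFEST. Prints MODIFIED (hash differs: trojaned ls/ps/netstat),
# MISSING (removed), and UNEXPECTED (present but never in the baseline: dropped
# tools, ld.so.preload, extra cron jobs). Returns 1 if anything was found.
# Paths with leading/trailing blanks or newlines are not handled.
check_tree() {
    root=$1; manifest=$2; bad=0
    while read -r expected path; do
        [ -n "$path" ] || continue
        if [ ! -f "$root/$path" ]; then
            echo "MISSING  $path"; bad=1
        elif [ "$(sha256_of "$root/$path")" != "$expected" ]; then
            echo "MODIFIED $path"; bad=1
        fi
    done <"$manifest"
    tmp=$(mktemp -d)
    sed 's/^[0-9a-f]\{64\}  //' "$manifest" | LC_ALL=C sort >"$tmp/base"
    (cd "$root" && find . -type f | LC_ALL=C sort) >"$tmp/sus"
    extra=$(LC_ALL=C comm -13 "$tmp/base" "$tmp/sus")
    rm -rf "$tmp"
    if [ -n "$extra" ]; then
        printf '%s\n' "$extra" | sed 's/^/UNEXPECTED /'
        bad=1
    fi
    return $bad
}

# Typical run from the live CD (hypothetical paths):
#   image_disk /dev/sda /mnt/evidence/sda.img      # archive copy, hashed
#   mount_suspect_ro /dev/sda1 /mnt/suspect         # or the image via loop
#   make_manifest /mnt/clean >baseline.sha256       # from a clean install
#   check_tree /mnt/suspect baseline.sha256          # then wipe and reinstall
```

Keep the image and its `.sha256` manifest on media the suspect host never touched, and generate the baseline on the clean system only; a manifest built from the suspect tree would simply ratify the rootkit.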