Root Kit Information

Author: George Toft
Date:  
Subject: Root Kit Information
wrote:
>
> Hi All,
>
> Does anyone know if there is a website that has info about root kits. One of my servers was infected with the ShowTee
> root kit. I did find some info about ShowTee by searching on google, but it wasn't as helpful as I'd have hoped.
> I'm looking for something similar to Symantec's Virus Encyclopedia, where I can type in the name of a virus and I get
> detailed info about how it spreads, what type of files it infects, how to clean it and any variants of the virus.
> Is there such a site for root kits?
>
> Any help would be appreciated.
> Thanks,
> Peter
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
The Computer Emergency Response Team is quite clear on how to recover
from an intrusion:
http://www.cert.org/tech_tips/win-UNIX-system_compromise.html
Note step E1:
E. Recover from the intrusion
   1. Install a clean version of your operating system
Keep in mind that if a machine is compromised, anything on that system
could have been modified, including the kernel, binaries, datafiles,
running processes, and memory. In general, the only way to trust that a
machine is free from backdoors and intruder modifications is to
reinstall the operating system from the distribution media and install
all of the security patches before connecting back to the network.
Merely determining and fixing the vulnerability that was used to
initially compromise this machine may not be enough.

We encourage you to restore your system using known clean binaries. In
order to put the machine into a known state, you should re-install the
operating system using the original distribution media.
Since it has been powered off for weeks, it must not be too important.
What better time to upgrade that kernel and the other dozen security
holes that have popped up?

Finally, you can try out my Linux Security Checklist:
http://www.georgetoft.com/linux/security/locking/checklist.html

Have lots of fun(tm).

George

-- 
        __     __   ___   __   __   __  ___    ___
       |  |   |  | |   \ |  | |  | |  | \  \  /  /
  -o)  |  |   |  | |    \|  | |  | |  |  \  \/  /   (o-
  /\\  |  |__ |  | |  |\    | |  |_|  |  /  /\  \   //\
 _\_v  |_____||__| |__| \___| \_______| /__/  \__\  v_/_


Don't Fear The Penguins