[61149] in North American Network Operators' Group
Re: Virus
daemon@ATHENA.MIT.EDU (Eric Gauthier)
Mon Aug 25 11:57:27 2003
Date: Mon, 25 Aug 2003 11:53:24 -0400
From: Eric Gauthier <eric@roxanne.org>
To: "Ingevaldson, Dan (ISS Atlanta)" <dsi@iss.net>
Cc: Wesley Vaux <Wesley.Vaux@globalknowledge.com>, nanog@merit.edu
In-Reply-To: <226A79C4618AD945B527EA7F475EA2C63211EF@atlmaiexcp01.iss.local>; from dsi@iss.net on Mon, Aug 25, 2003 at 11:47:16AM -0400
Errors-To: owner-nanog-outgoing@merit.edu
> There is no evidence that the patch does not fix the vulnerability. You
> may be getting infected during the patching and cleaning process. Best
> bet is to patch, reboot, then clean.
We've found that downloading both the appropriate patches and cleaning tools,
and then disconnecting from the network (as in unplug your ethernet cord or
hang up your modem line) before you run them both - patch then clean - works
and prevents you from being re-infected during the process.
Eric :)
