[77717] in North American Network Operators' Group
Re: Time to check the rate limits on your mail servers
daemon@ATHENA.MIT.EDU (Gadi Evron)
Thu Feb 3 10:33:02 2005
Date: Thu, 03 Feb 2005 17:29:15 +0200
From: Gadi Evron <ge@linuxbox.org>
To: Raymond Dijkxhoorn <raymond@prolocation.net>
Cc: Joel Perez <jperez@numind.net>, nanog@merit.edu
In-Reply-To: <Pine.LNX.4.61.0502031619590.13909@mailbox.prolocation.net>
Errors-To: owner-nanog-outgoing@merit.edu
> You will never be sure you have picked up all, only the known ones. For
> a compromised system, unless running tripwire or something, reinstall!
You can never be sure, that's why it's a backdoor/Trojan horse.
> Its a nice start, but it also tell people i am safe, and they dont know
Yes, it is. AV products have not taken Trojan horses seriously for
years, and called them "garbage" samples. Now they start to change that
due to almost any sample out there being also a Trojan horse, but not
drastically enough
> for sure. Seeing our abuse department getting tickets over and over
> about the same customers its a fact that they just simple are not able
> to clean it out easilly. Then its better to instert foot (CD) and start
> all over.
Then using AT programs is a good start. A clean slate is always better,
but your grandma won't agree.
Gadi.
