[77729] in North American Network Operators' Group
Re: Time to check the rate limits on your mail servers
daemon@ATHENA.MIT.EDU (Steven Champeon)
Thu Feb 3 13:21:21 2005
X-Received-From: schampeo@habanero.hesketh.net
X-Delivered-To: <nanog@merit.edu>
Date: Thu, 3 Feb 2005 13:20:49 -0500
From: Steven Champeon <schampeo@hesketh.com>
To: nanog@merit.edu
Mail-Followup-To: nanog@merit.edu
In-Reply-To: <Pine.LNX.4.61.0502031605400.11593@mailbox.prolocation.net>
Errors-To: owner-nanog-outgoing@merit.edu
on Thu, Feb 03, 2005 at 04:07:10PM +0100, Raymond Dijkxhoorn wrote:
> >The only thing I don't see is a way to remove these bots!
> >Not everyone knows how to even look at their machines for signs of these
> >bots. Heck, I know most of my guys here don't even know how these bots
> >work.
>
> For a compromised system, insert CD, reinstall!
...which simply reinstalls the old vulnerabilities that made the machine
suspectible to compromise in the first place. If you can't patch up from
the buggy baseline in time, reinstalling from original media is often
the worst thing you can do, if the machine is still connected to the
network. And if the machine is NOT connected to the network, it is often
not possible to get the security updates downloaded that patch the
vulnerabilities.
--
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com
join us! http://hesketh.com/about/careers/account_manager.html join us!
