[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] I've been hacked -- now what do I do?
- Subject: Re: [cobalt-security] I've been hacked -- now what do I do?
- From: "Chris Maxwell, WDSL Inc." <betateam@xxxxxxxxxxxx>
- Date: Mon, 6 Nov 2000 15:31:36 -0500
- Organization: WDSL Inc.
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hello Steve,
Why don't you just go into the /etc/rc#.d directories, and run
grep nothing * |more
then just take it out of that bootup script?
otherwise, you have to call cobalt support and get the cd image
shipped to you.
Best regards,
Chris Maxwell
cmaxwell@xxxxxxxxxxxx
Monday, November 06, 2000, 3:23:31 PM, you wrote:
SB> Dear All;
SB> Stupid question time -- I've been hacked, so what do I do now? With a
SB> regular box, I'd re-install everything and be done with it. But I can't
SB> just reboot with a floppy in the disk drive if there isn't any disk
SB> drive, so what do I do to reload a known clean system?
SB> Thanks for your support,
SB> Steve Beach
SB> P.S.: I say I've been hacked because there is a program called "nothing"
SB> that starts on boot, and appears to do nothing but run what looks to be
SB> a trojaned "sleep". I'm not sure it's trojaned, since I didn't install
SB> tripwire or anything before I put it online. Oh well, next time.
--
WDSL Inc.
www.wdslinc.com
100 Hamilton Street North
P.O. Box 650
Waterdown, Ontario, Canada
905-690-6367 x234
905-689-4794 Fax
877-626-6799 Toll Free