[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] one of my servers has been compromized

To: Paul Schmehl <pschmehl_lists@xxxxxxxxx>
Subject: Re: [Full-disclosure] one of my servers has been compromized
From: Charles Morris <cmorris@xxxxxxxxxx>
Date: Tue, 6 Dec 2011 14:09:48 -0500

+1. Except instead of MD5 you want to use something that isn't garbage.

On Tue, Dec 6, 2011 at 1:18 PM, Paul Schmehl <pschmehl_lists@xxxxxxxxx> wrote:
> A "poor man's" root kit detector is to take md5sums of critical system
> binaries (you'd have to redo these after patching), and keep the list on an
> inaccessible media (such as a thumb drive).  If you think the system is
> compromised, run md5sum against those files, and you will quickly know.
> You could even keep statically compiled copies on the thumb drive to use in
> an investigation.
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] one of my servers has been compromized
  - From: Lucio Crusca
- Re: [Full-disclosure] one of my servers has been compromized
  - From: Dan Ballance
- Re: [Full-disclosure] one of my servers has been compromized
  - From: Gage Bystrom
- Re: [Full-disclosure] one of my servers has been compromized
  - From: Dan Ballance
- Re: [Full-disclosure] one of my servers has been compromized
  - From: Paul Schmehl

Prev by Date: Re: [Full-disclosure] OMIGOD CIQ HACKING THE WORLD.
Next by Date: Re: [Full-disclosure] one of my servers has been compromized
Previous by thread: Re: [Full-disclosure] one of my servers has been compromized
Next by thread: Re: [Full-disclosure] one of my servers has been compromized
Index(es):
- Date
- Thread