on Thu, Feb 03, 2005 at 04:07:10PM +0100, Raymond Dijkxhoorn wrote:
The only thing I don't see is a way to remove these bots! Not everyone knows how to even look at their machines for signs of these bots. Heck, I know most of my guys here don't even know how these bots work.
For a compromised system, insert CD, reinstall!
...which simply reinstalls the old vulnerabilities that made the machine suspectible to compromise in the first place. If you can't patch up from the buggy baseline in time, reinstalling from original media is often the worst thing you can do, if the machine is still connected to the network. And if the machine is NOT connected to the network, it is often not possible to get the security updates downloaded that patch the vulnerabilities. -- hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com join us! http://hesketh.com/about/careers/account_manager.html join us!