Last Updated: 2004-05-17 10:47:27 UTC
by Patrick Nolan (Version: 1)
Experience shows that rebuilding a compromised system is a best practice that some people responsible for the security of systems still want to ignore (in both *NIX and Microsoft shops). These are the folks who will have the time to read the following article ( ; ^ ). So, if ensuring the confidentiality, integrity and availability of your employer's network, and safeguarding their business and their customers, are not good enough reasons to make rebuilding the standard response to a compromised system in your shop, consider the following best practice and career advice from the Microsoft article (my highlighting):
"The only way to clean a compromised system is to flatten and rebuild. That's right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications). Alternatively, you could of course work on your resume instead, but I don't want to see you doing that."
(Help: I Got Hacked. Now What Do I Do? by Jesper M. Johansson, Security Program Manager, Microsoft Corporation: May 7, 2004)
ISC's recent, needed, umpteenth and not last publication of some of the reasons why "clean up tools may not be adequate" is at;
Port 8000 activity is increasing (tip o' the hat to Ken Connelly's consistently informative Intrusions.Org log posts);
Dshield Port 8000 Numbers;
Two sharp-eyed readers correctly pointed out that these scans are more likely looking for HP print servers with HP Web JetAdmin vulnerabilities. We have received reports of successful exploitation of vulnerable systems.
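If you want to see whether the port 8000 sweeps are hitting your own perimeter, the quickest check is to pull your firewall logs and look for single sources touching many different hosts on tcp/8000, which is what a horizontal scan for JetAdmin listeners looks like. The following is an added example written for this diary, not ISC or DShield code; the log lines are constructed in the style of iptables kernel logging (an assumed format), the addresses are documentation ranges, and the threshold of three distinct targets is an arbitrary choice you should tune to your own sensor.

```python
"""Flag sources that probe many hosts on one TCP port (here tcp/8000).

Added example for this diary. The log lines below are constructed in the
style of iptables kernel logging (assumed format) and are not real data.
"""
import re
from collections import defaultdict

# Pull the fields we care about out of an iptables-style log line.
LINE_RE = re.compile(
    r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) .*?"
    r"PROTO=(?P<proto>\w+) .*?SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)"
)

# Constructed sample: one source sweeping four hosts on tcp/8000, one host
# retrying a single target, and one host whose traffic is on other ports/protocols.
SAMPLE_LOG = """\
May 17 09:01:02 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 LEN=48 TTL=112 PROTO=TCP SPT=3421 DPT=8000 WINDOW=16384 SYN
May 17 09:01:03 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.11 LEN=48 TTL=112 PROTO=TCP SPT=3422 DPT=8000 WINDOW=16384 SYN
May 17 09:01:03 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.12 LEN=48 TTL=112 PROTO=TCP SPT=3423 DPT=8000 WINDOW=16384 SYN
May 17 09:01:04 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.13 LEN=48 TTL=112 PROTO=TCP SPT=3424 DPT=8000 WINDOW=16384 SYN
May 17 09:02:10 fw kernel: IN=eth0 OUT= SRC=192.0.2.55 DST=203.0.113.10 LEN=48 TTL=64 PROTO=TCP SPT=51000 DPT=8000 WINDOW=65535 SYN
May 17 09:02:11 fw kernel: IN=eth0 OUT= SRC=192.0.2.55 DST=203.0.113.10 LEN=48 TTL=64 PROTO=TCP SPT=51001 DPT=8000 WINDOW=65535 SYN
May 17 09:03:00 fw kernel: IN=eth0 OUT= SRC=192.0.2.99 DST=203.0.113.10 LEN=60 TTL=64 PROTO=TCP SPT=40000 DPT=80 WINDOW=65535 SYN
May 17 09:03:05 fw kernel: IN=eth0 OUT= SRC=192.0.2.99 DST=203.0.113.11 LEN=40 TTL=64 PROTO=UDP SPT=40001 DPT=8000 LEN=20
"""


def parse_line(line):
    """Return (src, dst, proto, dpt) for a matching line, or None otherwise."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return m["src"], m["dst"], m["proto"], int(m["dpt"])


def targets_by_source(lines, port=8000, proto="TCP"):
    """Map each source address to the set of distinct destinations it hit on proto/port."""
    seen = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        src, dst, p, dpt = rec
        if p == proto and dpt == port:
            seen[src].add(dst)
    return seen


def find_scanners(lines, port=8000, min_targets=3):
    """Sources that touched at least min_targets distinct hosts on the port.

    A single host retrying one target is not a scan; many distinct targets from
    one source in a short span is the horizontal sweep pattern we want to flag.
    """
    seen = targets_by_source(lines, port)
    return {src: sorted(dsts) for src, dsts in seen.items() if len(dsts) >= min_targets}


if __name__ == "__main__":
    for src, dsts in find_scanners(SAMPLE_LOG.splitlines()).items():
        print(f"{src} probed tcp/{8000} on {len(dsts)} hosts: {', '.join(dsts)}")
```

Run it against your real log (`find_scanners(open("/var/log/kern.log"))` if your format matches the assumed regex) and the sources that come back are the ones worth checking against the DShield port 8000 numbers and, more importantly, worth checking whether any of the listed targets is actually a JetAdmin host that answered.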
Last Week's Internet Storm Center: Threat Update Archive is available
If you missed last week's Internet Storm Center: Threat Update, featuring Johannes Ullrich, Marcus Sachs and fascinating Q & A submissions ( ; ^ ), you can catch the archived briefing (audio and PDF) by logging in to your SANS Portal account;