[Dshield] mystery FTP server

mike harrison meuon at highertech.net
Mon Aug 27 23:13:01 GMT 2001


> I would appreciate any info relating to the origin, mechanics, removal, or
> any other info about this.

removal: 

  I contend that that it is impossible to 'remove' an intrusion and
  take over at this level. You may never know what else is lurking
  in the bowels of your server to awaken later. Chosen OS and your
  skill level with it are not the issue. 

  Boot from a write protected boot floppy.

  fdisk /mbr  (clean off master boot record)

  fdisk and format drive from scratch.

  insert bootable OS install CD and start from scratch.






More information about the list mailing list