[Dshield] Is it true that Linux users do not fear Viruses and Trojans (+ some vital questions)
pandry at wolverinefreight.ca
Thu Oct 10 16:20:57 GMT 2002
Firewalls ultimately will fail to stop a determined and knowledgeable
intruder. This fact however does not negate their usage. A
well-configured firewall most likely would have stopped this attack.
The attack in itself seemed opportunistic and malicious. It is not
unheard of that an attacker would erase all of one's data, but it is
Attaching a monetary value to damages is a good idea. Perhaps your
provider would be more willing to help knowing that there was more than
pride that was damaged. Also check your terms of service with your
ISP, specifically regarding networks and allowed use.
After the attack, how did you go about recovering? Did you pull the
plug on the machine, erase everything, and reinstall? Did you examine
what happened and document it? These steps are important if you are
expecting help in tracking down the cause/culprit. Also, knowing how
your system was compromised would be a great help. Due to the damage,
I would lean towards an internet virus/worm.
The big question I have, is how did you track down the attacker? This
would give us more insight into exactly what happened.
I don't think that anyone on this list would disagree with timely
backups, distributed storage, yada yada...
I think the biggest error made in this situation was faking the network
structure of a big company without faking the policy that goes with it.
Incidentally, this was exactly how I learned my lesson.
John Groseclose wrote:
> Question: why did you not simply restore your data from your
> More important than building a solid firewall is backing up your data
> in intervals that make sense for the importance of the data. If you
> can afford to lose a week's worth of work, back up once a week.
> I back up daily. Several of the systems that I work on write data to
> optical drives as the data comes in, so that no data is ever really
> 1) Firewalls can fail to stop a determined intruder.
> 2) Catching them after the damage is done may not result in anything
> useful - can you attach a monetary value to whatever time you'd put
> into the dissertation?
> 3) Archiving your data and keeping it safe will minimize the amount of
> time you have to spend rebuilding everything, dependent solely on the
> archival interval.