Pantek Library

Re: Odd situation, advice needed on penetration test results

From: Harlan Carvey <keydet89(at)yahoo.com>
Date: Wed Mar 26 2003 - 17:01:44 EST


Ido,

> While catching this person is obviously of importance,
> the more critical step to take is to secure the system
> for forensic analysis.

I would agree that the system needs to be secured, but what good does shutting down the system do if you lose all of the volatile data, such as running processes, network connections, etc? How do you trace the issue back to whomever is responsible if you don't even know what IP address they're coming from, b/c you've lost the volatile data?

> I would recommend that the your the
> intruder has not setup a logic bomb that triggers if the
> network interface goes down).

I'm not sure I completely understand your reasoning here. If you unplug the power from the system, and the NIC goes down (due to lack of power), wouldn't the system itself shut off? Wouldn't the hard drive stop spinning and the CPU no longer process instructions?

If that's the case...how's a logic bomb going to execute?

Thanks,

Harlan




Received on Wed Mar 26 17:05:48 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:34 EDT

