Swatch-Like Trojan Parser for Syslog

Dotman

Does anyone know of a script that will search syslog for potential
Trojan infected hosts? A site I helped to clean up was extremely infected.
Now I suspect some lingering programs. How is syslog checked for
common trojan ports? Is there a swatch-like utility out there?
Thanks
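One way to build the swatch-style check asked about above, as an added example that is not from anyone in this thread: a small Python pass over syslog lines that parses the KEY=VALUE fields written by the netfilter LOG target (SRC=, DST=, PROTO=, SPT=, DPT=), flags any TCP/UDP flow whose destination port is on a watchlist, and rolls the hits up per local host so the noisiest machine is listed first. The watchlist values, the local address range (LOCAL_NET) and the sample log lines are all constructed for the example; substitute the port list you actually maintain and your own subnet.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed for this example: the destination ports to alert on.
# Substitute whatever list of suspect ports you maintain.
WATCH_PORTS = {31337, 12345, 27374}

# Constructed assumption: the address range of the hosts being cleaned up.
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")

# KEY=VALUE fields as written by the netfilter LOG target into the kernel
# syslog facility (SRC=, DST=, PROTO=, SPT=, DPT=).
_KV_RE = re.compile(r"\b(SRC|DST|PROTO|SPT|DPT)=(\S+)")


def parse_netfilter_line(line):
    """Extract SRC/DST/PROTO/SPT/DPT from one syslog line.

    Returns a dict with SPT/DPT converted to int, or None when the line
    is not a netfilter packet log (e.g. an sshd message) or is malformed.
    """
    fields = dict(_KV_RE.findall(line))
    if not {"SRC", "DST", "PROTO", "SPT", "DPT"} <= set(fields):
        return None
    try:
        fields["SPT"] = int(fields["SPT"])
        fields["DPT"] = int(fields["DPT"])
    except ValueError:
        return None
    return fields


def _is_local(addr):
    """True when addr parses as an IP inside LOCAL_NET."""
    try:
        return ipaddress.ip_address(addr) in LOCAL_NET
    except ValueError:
        return False


def find_suspect_hosts(lines, watch_ports=WATCH_PORTS):
    """Swatch-style pass over syslog lines.

    A line is a hit when its TCP/UDP destination port is on the watchlist.
    The local side of the flow (SRC for outbound, DST for inbound) is the
    host to look at. Returns {local_host: {"count": n, "ports": set,
    "peers": set}} ordered so the host with the most hits comes first.
    """
    report = defaultdict(lambda: {"count": 0, "ports": set(), "peers": set()})
    for line in lines:
        f = parse_netfilter_line(line)
        if f is None or f["PROTO"] not in ("TCP", "UDP"):
            continue
        if f["DPT"] not in watch_ports:
            continue
        if _is_local(f["SRC"]):          # outbound: local host calling out
            local, peer = f["SRC"], f["DST"]
        elif _is_local(f["DST"]):        # inbound: something reaching a local port
            local, peer = f["DST"], f["SRC"]
        else:
            continue                     # transit traffic, not one of our hosts
        entry = report[local]
        entry["count"] += 1
        entry["ports"].add(f["DPT"])
        entry["peers"].add(peer)
    return dict(sorted(report.items(), key=lambda kv: -kv[1]["count"]))


# Constructed sample syslog lines: netfilter LOG format plus one unrelated
# sshd line to show that non-matching input is ignored.
SAMPLE_LINES = [
    "Mar  3 10:15:01 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.7 LEN=60 PROTO=TCP SPT=40112 DPT=31337 SYN",
    "Mar  3 10:15:02 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.21 DST=203.0.113.8 LEN=60 PROTO=TCP SPT=40113 DPT=443 SYN",
    "Mar  3 10:15:09 gw kernel: IN=eth0 OUT=eth1 SRC=198.51.100.5 DST=192.168.1.22 LEN=60 PROTO=TCP SPT=5123 DPT=12345 SYN",
    "Mar  3 10:15:10 gw sshd[1234]: Accepted publickey for admin from 192.168.1.21 port 50022 ssh2",
    "Mar  3 10:15:11 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.7 LEN=60 PROTO=TCP SPT=40114 DPT=31337 SYN",
]

if __name__ == "__main__":
    for host, info in find_suspect_hosts(SAMPLE_LINES).items():
        print(f"{host}: {info['count']} hit(s), ports {sorted(info['ports'])}, "
              f"peers {sorted(info['peers'])}")
```

On the sample input this reports 192.168.1.20 (two outbound hits to 203.0.113.7 on port 31337) ahead of 192.168.1.22 (one inbound hit on port 12345); the ordinary HTTPS connection and the sshd line are ignored. To run it swatch-fashion against a live box, feed `tail -f` output into `find_suspect_hosts` a line at a time instead of the list above; the parser only needs the firewall to be logging with the LOG target so the SRC/DST/DPT fields are present in syslog.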


If the host was infected, there's no sure-fire way to determine if *all*
files are safe. Your only hope is to backup your data/config files and
reinstall from scratch. Probably your best option would be to replace
the hard drive and use a new one, installing everything from scratch.
Apply all patches prior to turning any daemons on.

Cert has a nice "how to", for once you've been compromised.

--
Colonel Flagg
http://www.internetwarzone.org/

Privacy at a click:
http://www.cotse.net

Q: How many Bill Gates does it take to change a lightbulb?
A: None, he just defines Darkness? as the new industry standard..."

"...I see stupid people."
 
There are many CERTs but I think that this is the one referred to.

http://www.cert.org/

Dave



| In article <[email protected]>,
| (e-mail address removed) says...
| > Does anyone know of a script that will search syslog for potential
| > Trojan infected hosts? A site I helped to clean up was extremely infected.
| > Now I suspect some lingering programs. How is syslog checked for
| > common trojan ports? Is there a swatch-like utility out there?
| > Thanks
| >
| >
| >
|
|
| If the host was infected, there's no sure-fire way to determine if *all*
| files are safe. Your only hope is to backup your data/config files and
| reinstall from scratch. Probably your best option would be to replace
| the hard drive and use a new one, installing everything from scratch.
| Apply all patches prior to turning any daemons on.
|
| Cert has a nice "how to", for once you've been compromised.
|
| --
| Colonel Flagg
| http://www.internetwarzone.org/
|
| Privacy at a click:
| http://www.cotse.net
|
| Q: How many Bill Gates does it take to change a lightbulb?
| A: None, he just defines Darkness? as the new industry standard..."
|
| "...I see stupid people."