Next Previous Contents

6. After the compromise

6.1 General behavior

If you really want to clean up residual wastes, you should remove the compromised host from your network and re-install the OS from scratch. This might not have any effect if you do not know how the intruder got root. In this case you must check everything: firewall/file integrity/loghost logf iles and so on.


Next Previous Contents