Reinstall after a Root Compromise?
Posted by Zoredache on Server Fault
Published on 2009-05-08T09:32:30Z
After reading this question on a server compromise, I started to wonder why people continue to seem to believe that they can recover a compromised system using detection/cleanup tools, or by just fixing the hole that was used to compromise the system.
Given all the various rootkit technologies and other things a hacker can do, most experts suggest you should reinstall the operating system.
I am hoping to get a better idea why more people don't just take off and nuke the system from orbit.
Here are a couple of points that I would like to see addressed.
- Are there conditions where a format/reinstall would not clean the system?
- Under what types of conditions do you think a system can be cleaned, and when must you do a full reinstall?
- What reasoning do you have against doing a full reinstall?
- If you choose not to reinstall, then what method do you use to be reasonably confident you have cleaned and prevented any further damage from happening again?