My enterprise recently suffered a server breach and we're now trying to clean up. I've noticed more traffic than...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
usual coming from the server and have heard about hackers leaving behind tools called "booter shells" after attacks to be used for future DDoS attacks. How can I tell if booter shells are infecting this server? How can I clean them off if they're on the server?
Ask the expert
Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous.)
Depending on the details of a breach, the risk involved with trying to clean-up a compromised server is very high as remnants from the breach can still remain, including the aforementioned booter shells, rootkits, malicious cron jobs, start-up scripts, compromised files, etc. Often, desktop systems are cleaned rather than rebuilt due to a fear of overwhelming desktop support with the task of rebuilding workstations. Server administrators share the same concerns. They might try to clean all traces of an attack from a server, but the consequences of not cleaning a server fully might be more significant than not cleaning a desktop.
If a file integrity monitor like Tripwire or OSSEC was being used prior to an incident, a system admin can discern which files were modified during the incident. This could allow the admin to be able to effectively clean a server using the data from the file integrity monitor. Booter shells can also be detected by monitoring network traffic for a high volume of traffic to a specific site. If booter shells and other remnants of an attack aren't fully cleaned from a server, it could still be used to attack other systems on the local network or Internet. Fully cleaning and securing a compromised server is vital to an organization's future security.
Dig Deeper on Denial of Service (DoS) Attack Prevention-Detection and Analysis
Related Q&A from Nick Lewis
Latentbot malware has layers of obfuscation that makes it hard to detect. Expert Nick Lewis explains how its process works, beginning with a phishing...continue reading
A hard to detect type of Linux malware, Rekoobe, can download files to user systems. Expert Nick Lewis explains the malware's key functionality and ...continue reading
Pro POS, a new type of POS malware, has simple operations and is easy to obtain. How was it so successful against businesses? Expert Nick Lewis ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.