server compromised, what got touched?

jmcant1 (n00b; joined Aug 4, 2005; messages: 1)
Is there a way to detect what folders/files were searched or touched when an attack is discovered? Our security guys shut down one of my servers because of a lot of bandwidth happening on an unused port. There is some personal data on the server and I need to know if that information was compromised.

Thanks!
 
It's unlikely you can tell what was touched. If they compromised it at the administrator/local system level and were able to run their own code, consider the whole thing lost. They may have only wanted to run their bandwidth-hogging application, but it would have been trivial for them to take whatever data they wanted. There's also no telling what else might be on the system. Wipe it completely, reinstall and inform whoever the personal data belongs to that it could be compromised.
 