Quote:
Originally Posted by kalabanta
Try this post here.
(OT, but since I'm a moderator I'm allowed to do so.)
Members who frequent LQSEC have done incident handling for the past years in a dedicated, decisive and successful way. If members don't react within, say, twenty-four hours then, and only if you aren't capable of doing incident handling yourself, you've got a case for redirecting off-site. In all other cases I'd rather you didn't.
@oknow: Hangdog42 is on the right track: 1) mitigate the situation by isolating the box (stop services and restrict access to your IP or range if it is a colo box), 2) investigate (take snapshots of users, running processes, network connections and open files before killing anything) and please try to be as verbose as you can when reporting.
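The snapshot step in point 2, as an added example that is not part of the original post: a small shell function that records users, processes, network connections and open files into a timestamped directory before anything is killed. The function names, file names and directory layout are assumptions of this example, and the target directory is best placed on external or remote storage rather than the suspect disk.

```shell
#!/bin/sh
# Added example: capture volatile state BEFORE stopping or killing anything.
# Function names, file names and layout are assumptions of this example.
# Usage (as root, after sourcing this file):  snapshot /mnt/evidence

# capture NAME CMD [ARGS...]
# Run one command and keep stdout+stderr. A missing tool or a non-zero exit
# is recorded in the output file instead of aborting the collection.
capture() {
    name=$1; shift
    if command -v "$1" >/dev/null 2>&1; then
        "$@" >"$OUT/$name.txt" 2>&1 || echo "[exit $?] $*" >>"$OUT/$name.txt"
    else
        echo "[not installed] $1" >"$OUT/$name.txt"
    fi
}

# snapshot DIR
# Create DIR/<host>-<UTC timestamp>/ and fill it with the four snapshots the
# post asks for, plus a hash manifest. Prints the directory it created.
snapshot() {
    OUT=${1:?usage: snapshot DIR}/$(uname -n)-$(date -u +%Y%m%dT%H%M%SZ)
    mkdir -p "$OUT" || return 1
    chmod 700 "$OUT"

    capture collected  date -u            # when the snapshot was taken (UTC)
    capture users      who -a             # logged-in users, boot time, runlevel
    capture logins     last -n 50         # recent login history
    capture procs      ps auxww           # full process list with command lines

    # Listening and established TCP/UDP sockets with owning PIDs.
    if command -v ss >/dev/null 2>&1; then
        capture sockets ss -tunap
    else
        capture sockets netstat -tunap
    fi

    capture openfiles  lsof -n -P         # open files; -n -P skips name lookups

    # Hash every capture so later changes to the evidence can be detected.
    if command -v sha256sum >/dev/null 2>&1; then
        ( cd "$OUT" && sha256sum -- *.txt >MANIFEST.sha256 )
    fi
    echo "$OUT"
}
```

Attach the resulting text files (or the relevant parts of them) when reporting, which also covers the request to be as verbose as possible.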