this post was submitted on 22 Jul 2023
82 points (95.6% liked)
Technology
59436 readers
3358 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
True, but I would confirm a device is compromised before nuking the OS, not just do it willy-nilly because maybe it could be. A better way to phrase what OP is asking is: what are some ways to troubleshoot this without making a ton of potentially unnecessary work for myself?
...to which I would say, run a
netstat
on any systems that you can, check those IP's against WHOIS and/or traceroute. Anything that traces to Eastern Europe, Russia, China, most of SEA is a red flag. Dig a little deeper with Wireshark or Glasswire to inspect some actual packets for suspicious content. I think there's a network logger that can trace the process using a given connection, but the name eludes me).Find your smoking gun, then torch the OS.