guitarlynn wrote:
>
> I put a Dachstein beta firewall up last week at the house, it works
> great. My wife got into an apparent ongoing battle in which
> several people in a yahoo chat room were hit with a buffer overflow
> (affecting windows client) in the chat program. The room
> was actually being monitored by a level 2 government employee
> that was assigned to the room to monitor for script-kiddies, and
> she got one of them. Unfortunately, the kiddie got my ip addy and
> DDoS'ed it (from what I dug out of the logs before they filled). This
> was fine (lol), except I cannot find any info in auth.log and
> user.log.

Do you mean that they are empty? Do you have sshd running? It leaves a
message in auth.log when sshd is started.

> I am assuming the box has been cracked,

Why? Because two log files are empty? Do you have a strong password for
root? Are you using DF's standard ipchains rules? If the answers are yes,
I'm not convinced. It's not called Dachstein "Firewall" for nothing.

> probably
> root kitted and they erased the two log files. The box is still up
> and the gov official (and maybe Charles or someone else) would
> like an image of the Ram disk to analyze....particularly for a footprint
> of the attacker.
>
> My question, how do I make an image of the RAM disk???
> Can I simply back up the entire disk and send it, or is there another
> way???

Copy the whole ramdisk? Probably run mount to see what the devices are
called and then back up /dev/ram0 and the like, the way David mentioned.

Good Luck,
Matthew

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
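
The imaging step suggested in the reply above, as an added example that is not part of the original message: it reads a mounts table, images each `/dev/ramN` device with `dd`, and records a SHA-256 so the copy can be verified after it is handed over. It assumes a mounts table in `/proc/mounts` format, that `dd`, `awk` and `sha256sum` are available on the box (not confirmed for Dachstein), and that the output directory is on storage other than the RAM disk; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original thread): image mounted RAM disks
# and record a checksum for each image. Function names are hypothetical.
# Assumes: /proc/mounts-style input, dd/awk/sha256sum present, and an
# output directory that is NOT on the RAM disk being imaged.

# list_ram_devices MOUNTS_FILE
# Print each distinct /dev/ramN device named in the mounts table.
list_ram_devices() {
    awk '$1 ~ /^\/dev\/ram[0-9]+$/ { print $1 }' "$1" | sort -u
}

# image_device DEVICE OUT_DIR
# Raw copy of DEVICE to OUT_DIR/<name>.img plus <name>.img.sha256.
image_device() {
    src=$1
    dest_dir=$2
    name=$(basename "$src")
    # noerror: keep reading past bad blocks; sync: pad short reads so
    # offsets in the image still line up with offsets on the device.
    dd if="$src" of="$dest_dir/$name.img" bs=4096 conv=noerror,sync \
        2>/dev/null || return 1
    ( cd "$dest_dir" && sha256sum "$name.img" > "$name.img.sha256" )
}

# verify_image NAME OUT_DIR
# Succeeds only if NAME.img still matches the recorded checksum.
verify_image() {
    ( cd "$2" && sha256sum -c "$1.img.sha256" >/dev/null 2>&1 )
}

# image_all MOUNTS_FILE OUT_DIR
# Image every RAM disk in the mounts table; non-zero if any copy failed.
image_all() {
    rc=0
    for ramdev in $(list_ram_devices "$1"); do
        image_device "$ramdev" "$2" || rc=1
    done
    return $rc
}

# Run only when called as: script MOUNTS_FILE OUT_DIR
if [ "$#" -eq 2 ]; then
    image_all "$1" "$2"
fi
```

Imaging a mounted, running filesystem captures it mid-change, so the checksum proves the copy was not altered after it was taken, not that it matches the device at a later time.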
