guitarlynn wrote:
> 
> On Wednesday 28 November 2001 04:05, you wrote:
> 
> > > I am assuming the box has been cracked,
> >
> > Why?  Because two log files are empty?
> > Do you have a strong password for root?
> > Are you using DF's standard ipchains rules?
> > If the answers are yes, I'm not convinced.
> > It's not called Dachstein "Firewall" for
> > nothing.
> 
> Many thanks to all, out of late night laziness (brought on by a 400
> mile trip that ended up with this circumstance), I should have
> compared the ram disk with my exact backup.  Nothing has been
> accessed, nothing has been changed, nothing has been compromised,
> nothing has been rootkitted here.  ~~Sorry for wasting brainpower~~!!!
> 
> The "hacker/cracker" has been using a prog that exploits im's/pm's in
> yahoo chat that leaves M$ 9x/ME boxes wide open on the tcp channel.
> It's the same thing that has plagued AOL for years now. I guess it's
> just proof that closed-source software doesn't help a thing once
> again.
> 
> I just need to remember how _not_ to log certain DENY'ed packets.
> I start another thread since I can't seem to find anything on the
> sites or in the archives (though I remember this being discussed
> a year or two ago.)


My first thought when reading that you had nothing in your
logs and your ramdisk was full just meant that it had been
zero'ed or rotated and archived and that sysklogd had stopped
logging because the ramdisk was full.  It happens to me every
once in a while when I'm being port scanned.  Try this:

   svi sysklogd restart

It should get your logs working again.

As far as stopping something from being logged, the ipchains
rule(s) is(are) being created with the -l switch.  If you issue
the same ipchains command(s) without -l then you won't log them.
I think with DF, you have to modify a shell variable rather than
hack the rules themselves.  Make a new post about disabling
logging of certain packets in DF and you should get your answer.

Good Luck,
Matthew

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
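
The `-l` point from the reply above, as an added example that is not part of the original thread or of Dachstein's own scripts: it drops the log flag from one noisy DENY rule while leaving the other DENY rules logged. The rule lines and the `silence_rule` helper are constructed for illustration.

```shell
#!/bin/sh
# Added example: constructed rule lines, not Dachstein's actual rule set.
# ipchains logs a matching packet only when the rule carries -l.

# Constructed sample: three DENY rules, all logged.
RULES='ipchains -A input -p udp -s 0/0 -d 0/0 137:139 -j DENY -l
ipchains -A input -p tcp -s 0/0 -d 0/0 23 -j DENY -l
ipchains -A input -p tcp -s 0/0 -d 0/0 5050 -j DENY -l'

# silence_rule PROTO PORT (hypothetical helper): read rule lines on stdin and
# drop the trailing -l from DENY rules for that protocol and destination
# port. Every other rule passes through unchanged and keeps logging.
silence_rule() {
    awk -v proto="$1" -v port="$2" '
    {
        p = ""; d = ""; deny = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "-p") p = $(i + 1)
            if ($i == "-d") d = $(i + 2)   # port follows the address
            if ($i == "-j" && $(i + 1) == "DENY") deny = 1
        }
        if (deny && p == proto && d == port && $NF == "-l") {
            sub(/ -l$/, "")
        }
        print
    }'
}

# Stop logging the NetBIOS-range denies only; the tcp rules still log.
printf '%s\n' "$RULES" | silence_rule udp 137:139
```

Keeping `-l` on the remaining DENY rules preserves the record of unexpected traffic while cutting the volume that fills the ramdisk.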