Hi Lynn,

When you say you, you mean the original poster...right? I was responding to him.

Anyway, I think your approach would be a better one, back up the whole disk to a blank diskette, reboot the original disk and then you have a snapshot and can compare while returning to a safe condition. My first thought was to get back to safe ASAP and save the logs for ip addys and such. I like your approach better. Just as quick, and more complete.

Later
Tony

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Lynn Avants
Sent: Wednesday, January 08, 2003 10:26 AM
To: leaf-user
Subject: Re: [leaf-user] Does this indicate I've been hacked?

On Wednesday 08 January 2003 07:42 am, Tony wrote:
> Well, my thought is...why not just reboot to be sure. I mean, your LEAF
> box is running out of RAM disk right?

All LEAF variants do, you haven't stated what you are specifically using.

> The disk is write protected isn't it?

Only you can answer that, personally I generally use CDs or CF cards.

> Now, that doesn't mean that it can't happen again, so I would continue
> to investigate but I would copy all relevant log files to a disk and
> reboot.

The log files won't generally indicate anything that was _successful_. I would back _everything_ up on another disk and check the packages from another box.....definitely root.lrp. I haven't heard of a LEAF firewall that has been compromised in over 3 years now, but you haven't given any ideas of what you've actually set up other than it is LEAF. You may be running telnet to the internet for all I know at this point. I wouldn't expect much more help unless you can give us a lot more specific information than what you have. I would tend to think that you possibly have a compromised box on your LAN or someone is attempting to attack your firewall, but I don't know anything about your system.
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http://leaf.sourceforge.net

-------------------------------------------------------
This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
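
Added example, not part of the original thread and not LEAF project code: one way to do the "check the packages from another box" step described above, comparing a backed-up package such as root.lrp against a known-good copy member by member. It assumes .lrp packages are gzip-compressed tar archives; the function names, file names and sample contents are constructed for illustration.

```python
import hashlib
import io
import tarfile

def manifest(lrp_bytes):
    """Map each member of a package to (type, mode, sha256 of content or link target)."""
    entries = {}
    with tarfile.open(fileobj=io.BytesIO(lrp_bytes), mode="r:gz") as tar:
        for m in tar.getmembers():
            if m.isfile():
                digest = hashlib.sha256(tar.extractfile(m).read()).hexdigest()
            else:
                digest = m.linkname  # link target; empty string for directories
            entries[m.name] = (m.type, m.mode, digest)
    return entries

def compare_packages(known_good, suspect):
    """Return member names added, removed or changed in the suspect package."""
    good, bad = manifest(known_good), manifest(suspect)
    return {
        "added": sorted(bad.keys() - good.keys()),
        "removed": sorted(good.keys() - bad.keys()),
        "changed": sorted(n for n in good.keys() & bad.keys() if good[n] != bad[n]),
    }

def build_sample(files):
    """Build a constructed in-memory package from {name: (mode, content bytes)}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, (mode, data) in files.items():
            info = tarfile.TarInfo(name)
            info.mode, info.size = mode, len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

# Constructed sample data, not taken from a real LEAF image.
GOOD = build_sample({
    "etc/passwd": (0o644, b"root:x:0:0:root:/root:/bin/sh\n"),
    "bin/login": (0o755, b"original-binary"),
})
SUSPECT = build_sample({
    "etc/passwd": (0o644, b"root:x:0:0:root:/root:/bin/sh\nsvc:x:0:0::/:/bin/sh\n"),
    "bin/login": (0o4755, b"original-binary"),   # same content, mode changed
    "usr/sbin/extra": (0o755, b"unexpected"),    # file absent from known-good copy
})

if __name__ == "__main__":
    for kind, names in compare_packages(GOOD, SUSPECT).items():
        print(kind, names)
```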