21 Sep
2004
21 Sep
'04
12:55
On Tue, Sep 21, 2004 at 02:40:11PM +0200, suse@bortal.de wrote:
I have not started the forensics on this box. Pulled it offline and left it running until I can get to it.
You left it "running" ?
If you leave your system running you can examine the content that is loaded in memory.
I suspect, but cannot confirm, that it was via SSHv1 that I inadvertantly left enabled in webmin.
SuSE want the HD image?
I doubt it...it's not SuSE`s fault anyway :)
No doubt about that, but maybe they want to play around with it? I'd ask your local honeynet project, I bet they'll be interessted in it. marc