This is forwarded from the forensics@securityfocus.com mailing list. I think you
guys can answer this question better. Please cc: them in any replies.
-b
"Fabio Pietrosanti (naif)" wrote:
> Hi ppl,
> i'm currently involved in the analisys of a compromised linux box.
> It was a IBM xSeries server.
>
> I transfer the partition of the server using cat /dev/partition| nc
> host_of_dump_storage 8889, then i check the checksum using md5sum and all it's
> ok.
>
> Where's the problem?
>
> There are 2 partition dump of 8GB .
> So i have to mount another 30GB hd, i installed Linux Kernel 2.4.2 with the
> 30gb on reiserfs .
> I recompiled all fileutils, util-linux and bin-utils with kernel 2.4.2 and the
> define for => 2GB file support .
>
> Ok, now i could download the partition, i could ls, more, strings the
> partition, but i need to use it as loop device!!
>
> When i mount the partition as loop device the mount command HANG on read()
> function... it seems that loop device under linux didn't work against => 2gb
> files ?
>
> Any solutions?
>
> Best Regards
>
> --
> Pietrosanti Fabio I.NET SpA, High Quality Access to the Internet
> e-mail: naif@inet.it ( Direzione Tecnica, Security Staff )
> firewall@inet.it
> PGP Key (DSS) http://naif.itapac.net/naif.asc
>
> Home Page URL: http://www.inet.it
> Sede: Via Darwin, 85 20019 Settimo Milanese (MI)
> Tel: 02-328631 Fax: 02-328637701
> --
> Free advertising: www.openbsd.org - Multiplatform Ultra-secure OS
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Fri Mar 23 2001 - 21:00:13 EST