Michael Lazin via plug on 25 Jun 2023 17:33:44 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] makeshift forensic copy with scp

I think I answered this myself, I found my scp was hanging in the proc filesystem because of the symlinks, I may have to figure out how to copy this without /proc another day.  Thanks all.  

Michael Lazin

.. τὸ γὰρ αὐτὸ νοεῖν ἐστίν τε καὶ εἶναι.


On Sun, Jun 25, 2023 at 7:54 PM Michael Lazin <microlaser@gmail.com> wrote:
I have a system that I found malware on and I want to examine it locally.  I connected to it with ssh as root, I know this is a risky setup but it is only internally facing, which is why I have great curiosity.  I am using scp to copy the full filesystem over the network but I have a fear that symlinks such as those in /proc could make it run forever.  How does scp handle syminks?  Will it loop and never end or will my process finish?  

Thank you,

Michael Lazin

.. τὸ γὰρ αὐτὸ νοεῖν ἐστίν τε καὶ εἶναι.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug