Forensics on Virtual Private servers [closed]

Posted by intiha on Server Fault See other posts from Server Fault or by intiha
Published on 2012-10-04T07:07:19Z Indexed on 2012/10/04 9:40 UTC
Read the original article Hit count: 174

Filed under:

vps

|

virtual-machines

|

Datacenter

|

forensics

So these days with talks about having hacked machines being used for malware spreading and botnet C&C, the one issue that is not clear to me is what do the law enforcement agencies do once they have identified a server as being a source or controller of attack/APT and that server is a VPS on my cluster/datacenter?

Do they take away the entire machine?

This option seems to have a lot of collateral damage associated with it, so I am not sure what happens and what are the best practices for system admins for helping law enforcement with its job while keeping our jobs!

© Server Fault or respective owner

Related posts about vps

Primary domain in vps in vps has been deactivated

as seen on Pro Webmasters - Search for 'Pro Webmasters'
This is my scenario: I have a vps with two domains (example1.com, example2.com). When I started with this vps I set example1.com as primary domain and the nameserver were configured with the pattern ns1.example.com, ns2.example1.com. The domains were brought in name.com. Across the time, I usually… >>> More
Several IPs for my VPS

as seen on Server Fault - Search for 'Server Fault'
I bought vps on santrex.net but can't receive any reply from support. My Problem: I have 5 ip but it pings only 1!!! I can't setup DNS because I need 2 ip minimum . Could you help me to activate other my IPs? root@spnova:~# ifconfig eth0 Link encap:Ethernet HWaddr aa:00:b9:4f:19:01 … >>> More
OS for Virtual Private Server (VPS)

as seen on Server Fault - Search for 'Server Fault'
Hi guys! I'm new to VPS managing and I need to chose which OS to install on my VPS. I have the following alternatives: CentOS 5.2 Ubuntu 9.10 Ubuntu Server edition 8.10 Debian 5.0 Lenny Debian 4.0 Etch Gentoo Minimal 10.0 I tried to install couple of them, I've also installed Webmin and doesn't… >>> More
Can't connect to website after altering IPTables

as seen on Server Fault - Search for 'Server Fault'
I attempted to open up a port on my VPS, but I can't connect to my website after opening up that port. Below are the commands I issued to open the port. I didn't get an error or anything after setting this up. I just can't connect to my website after doing this. [root@vps ~]# iptables -F [root@vps… >>> More
The vps is running, but the domain name is down ?

as seen on Server Fault - Search for 'Server Fault'
Hi, i created a vps on vps.net and installed CentOS 5.4 x64 LAMP , i choosed the root password and the server start running, i added my domain name in the vps domain section, also i added the two name servers on where i bought the domain name. the problem is that i still can't access the domain… >>> More

Related posts about virtual-machines

VBoxHeadless - Running Virtual Machines With VirtualBox 3.1.x On A Headless Fedora 12 Server

as seen on Internet.com - Search for 'Internet.com'
<b>Howtoforge:</b> "This guide explains how you can run virtual machines with Sun VirtualBox 3.1.x on a headless Fedora 12 server. Normally you use the VirtualBox GUI to manage your virtual machines, but a server does not have a desktop environment. Fortunately, VirtualBox comes with… >>> More
Windows Azure Virtual Machine Test Drive Kit

as seen on Geeks with Blogs - Search for 'Geeks with Blogs'
The public preview of hosted Virtual Machines in Windows Azure is now available to the general public. This platform preview enables you to evaluate our new IaaS and Enterprise Networking capabilities. Once you have registered for the 90 Day Free Trial and created a new account, you can access the… >>> More
Quick and clean ways to clone virtual machines

as seen on Server Fault - Search for 'Server Fault'
I have 2 hypervisors running. One is an ESXi 4, the other one a Hyper-V 2008 R2. My question is: What is the cleanest and easiest way to clone a machine under each hypervisor without using any centralized management tool. Thanks. >>> More
VMware Workstation: suspend all virtual machines with vmrun

as seen on Super User - Search for 'Super User'
I know I can suspend a given VMware virtual machine on the command line with: vmrun suspend /path/to/virtual_machine_file.vmx Is there any way to suspend all virtual machines at once using vmrun? Something like vmrun suspend all? >>> More
Virtual Machines Renaming/Backing up/Sharing

as seen on Super User - Search for 'Super User'
I've started using VMware virtual machines for all of my software development projects and have a few questions for others doing the same thing. First, how can you rename the virtual machine and the name of the virtual hard drive? I have a base development machine that I clone for different projects… >>> More