[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SSH attack

On Sun, 2005-10-02 at 22:57 -0700, Jared Hall wrote:
> It looks like I am being rooted right now.  How do I toss this guy off
> of my system.  he has an IP address of
> Please get back to me fast.  I took the compilers off of the system,
> and it's only running dns... so there's no firewall or anything.  I
> can't shut down ssh because that's my only connection to the system.

Edit the sshd config file to talk to only your IP; restart sshd.


Add a iptables rule to block his IP. 

'iptables -I INPUT -s -j DROP'

You might not have a firewall, but the 3 default chains are there and
iptables can put rules in them.

Glenn English

Reply to: