Re: SSH attack
On Sun, 2005-10-02 at 22:57 -0700, Jared Hall wrote:
> It looks like I am being rooted right now. How do I toss this guy off
> of my system. he has an IP address of 126.96.36.199
> Please get back to me fast. I took the compilers off of the system,
> and it's only running dns... so there's no firewall or anything. I
> can't shut down ssh because that's my only connection to the system.
Edit the sshd config file to talk to only your IP; restart sshd.
Add a iptables rule to block his IP.
'iptables -I INPUT -s 188.8.131.52 -j DROP'
You might not have a firewall, but the 3 default chains are there and
iptables can put rules in them.
GPG ID: D0D7FF20