[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SSH attack

On Mon, Oct 03, 2005 at 08:55:03AM +0200, Andreas Janssen wrote:
> Hello
> Jared Hall (<jrhall@gmail.com>) wrote:
> > It looks like I am being rooted right now.  How do I toss this guy off
> > of my system.  he has an IP address of
> > 
> > Please get back to me fast.  I took the compilers off of the system,
> > and it's only running dns... so there's no firewall or anything.  I
> > can't shut down ssh because that's my only connection to the system.
> Make an image of the hard disk if you can to find out how that guy came
> in, and reinstall. You don't know what he changes on your system, so
> there is hardly a way to safely revert everything he did.

Seconded. If they've got access to your system. you've lost. It would be
irresponsible as a netizen to leave the machine connected to the

The disk image would be purely for your own convenience to see how s/he
got in and learn how to prevent it in future. If it's too much work to
create one, you'll just have to write it off.

Jon Dowland

Reply to: