Re: SSH attack
On Mon, Oct 03, 2005 at 08:55:03AM +0200, Andreas Janssen wrote:
> Jared Hall (<firstname.lastname@example.org>) wrote:
> > It looks like I am being rooted right now. How do I toss this guy off
> > of my system? He has an IP address of 126.96.36.199
> > Please get back to me fast. I took the compilers off of the system,
> > and it's only running dns... so there's no firewall or anything. I
> > can't shut down ssh because that's my only connection to the system.
> Make an image of the hard disk if you can to find out how that guy came
> in, and reinstall. You don't know what he changed on your system, so
> there is hardly a way to safely revert everything he did.
Seconded. If they've got access to your system, you've lost. It would be
irresponsible as a netizen to leave the machine connected to the
The disk image would be purely for your own convenience to see how s/he
got in and learn how to prevent it in future. If it's too much work to
create one, you'll just have to write it off.