Re: SSH attack
On (07/10/05 17:38), Del Boy wrote:
> >It looks like I am being rooted right now. How do I toss this guy off
> >of my system. he has an IP address of 188.8.131.52
> >Please get back to me fast. I took the compilers off of the system,
> >and it's only running dns... so there's no firewall or anything. I
> >can't shut down ssh because that's my only connection to the system.
> Some years ago, when I first set up an 'always on' internet connection,
> I was plagued with hackers to the point that I could not even get
> machines to install and connect to the net for long enough to update
> anti-virus systems etc. As we have both windoze and linux boxes on the
> network, we needed to cover both. Having tried several schemes, we
> settled on Draytek routers, which come with excellent 'out of box '
> defaults, and are very simple to setup and use. We now use NAT always,
> to route network traffic to any box, as we see fit. If for instance I
> need to set up a new debian box, I simply assign a local IP address like
> 192.168.0.75 to the new debian installation, and if I neeed to be able
> to access this box form the internet, I can use port redirection in the
> draytek to point me to this box. In about 6 years, we have never had a
> hacker inflicted mess, and we now use these router/firewall boxes on all
> networks which we support. see www.draytek.com and look at 2600 and
> 2900 models.
I agree. We've been using these for sometime. In addition the 2600 (and
possibly 2900) provides VPN, which means you can avoid NAT and ssh via
an IPSec VPN connection.
...strategies for business