
Re: SSH attack



On Mon, Oct 03, 2005 at 08:55:03AM +0200, Andreas Janssen wrote:
> Hello
> 
> Jared Hall (<jrhall@gmail.com>) wrote:
> 
> > It looks like I am being rooted right now.  How do I toss this guy off
> > of my system?  He has an IP address of 210.95.212.131
> > 
> > Please get back to me fast.  I took the compilers off of the system,
> > and it's only running dns... so there's no firewall or anything.  I
> > can't shut down ssh because that's my only connection to the system.
> 
> Make an image of the hard disk if you can to find out how that guy came
> in, and reinstall. You don't know what he changed on your system, so
> there is hardly a way to safely revert everything he did.

Seconded. If they've got access to your system, you've lost. It would be
irresponsible as a netizen to leave the machine connected to the
Internet.

The disk image would be purely for your own convenience to see how s/he
got in and learn how to prevent it in future. If it's too much work to
create one, you'll just have to write it off.

-- 
Jon Dowland
http://jon.dowland.name/


