Re: SSH attack
On 10/03/2005 06:14 pm, Marty wrote:
> Jared Hall wrote:
> > It looks like I am being rooted right now. How do I toss this guy off
> > of my system. he has an IP address of 210.95.212.131
>
> It's a kid! Whois returns "Hanguk Kwangsan Technoledge High School."
BTW if you want to kill the connection while it is active, do 'netstat
-cpantu' and then 'kill -9 <PID>'
The PID is the number after "ESTABLISHED" in the output of that netstat
command.
This might not work if the attacker has already entered the system and
installed their "rootkit". In such a case, you would need to disconnect the
machine.
8)
Reply to: