
Re: SSH attack



On 10/03/2005 06:14 pm, Marty wrote:
> Jared Hall wrote:
> > It looks like I am being rooted right now.  How do I toss this guy off
> > of my system.  he has an IP address of 210.95.212.131
>
> It's a kid!  Whois returns "Hanguk Kwangsan Technoledge High School."

BTW if you want to kill the connection while it is active, do
'netstat -cpantu' and then 'kill -9 <PID>'

The PID is the number after "ESTABLISHED" in the output of that netstat 
command.

This might not work if the attacker has already entered the system and 
installed their "rootkit".  In such a case, you would need to disconnect the 
machine.


8)
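The lookup described in the message above, scripted as an added example that is not part of the original post: it reads one snapshot of `netstat -pant` output and prints the PIDs that own ESTABLISHED TCP connections from a single remote address. The function names and the sample output are constructed for illustration; only the IP address comes from the thread.

```shell
#!/bin/sh
# Added example (not from the original message).
# Reads `netstat -pant` output on stdin and prints, one per line, the PIDs
# owning ESTABLISHED TCP connections whose foreign address is $1.
pids_for_remote() {
    awk -v ip="$1" '
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            addr = $5
            sub(/:[0-9]+$/, "", addr)      # drop the :port suffix
            sub(/^::ffff:/, "", addr)      # IPv4-mapped IPv6 form
            if (addr != ip) next
            split($7, owner, "/")          # "4321/sshd:" -> "4321"
            # Without root the PID column is "-"; skip those rows.
            if (owner[1] ~ /^[0-9]+$/) print owner[1]
        }' | sort -un
}

# Constructed sample output, not captured from a real host.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0     48 192.0.2.10:22           210.95.212.131:43512    ESTABLISHED 4321/sshd: root@pts
tcp        0      0 192.0.2.10:22           210.95.212.131:43977    ESTABLISHED 4388/sshd: [accepte
tcp        0      0 192.0.2.10:22           198.51.100.7:50122      ESTABLISHED 2210/sshd: alice
tcp        0      0 192.0.2.10:22           210.95.212.131:44001    TIME_WAIT   -
tcp6       0      0 ::ffff:192.0.2.10:22    ::ffff:210.95.212.131:44100 ESTABLISHED 4402/sshd: unknown
EOF
}

# Demo on the constructed sample; on a live host, run as root:
#   netstat -pant | pids_for_remote 210.95.212.131
sample_netstat | pids_for_remote 210.95.212.131
```

The listening sshd (PID 812 in the sample) is never printed, so passing the result to `kill -9` ends only the sessions from that address and leaves the daemon running for other logins.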


