On Sun, 2 Oct 2005 22:57:25 -0700 Jared Hall <[EMAIL PROTECTED]> wrote:
> It looks like I am being rooted right now. How do I toss this guy off > of my system. he has an IP address of 210.95.212.131 It's happening here. I've logged thousands of attempts from chinanet and kornet within the last few days. I've reported (as if that would do any good) with "Free Tibet" and of course copies of the log - 500K in one instance(!) but am more interested in just blocking their entire /24 if need be. The question is - how? IP 210.95.212.131 (using whois) belongs to pubnet.ne.kr. I'd send a heads up email to [EMAIL PROTECTED] and CC it to [EMAIL PROTECTED] > Please get back to me fast. I took the compilers off of the system, If you only see "Failed attempt" then you're probably safe - there are probably script kiddies running password sniffers or crackers. Note the port(s) tried - in my case they are non-standard ones - and block them with your firewall. Check and/or install chkrootkit. I certainly hope you're not infected, and if so, you'll need to reinstall. > Jared -- ------------------------------------------------------------------------ David E. Fox Thanks for letting me [EMAIL PROTECTED] change magnetic patterns [EMAIL PROTECTED] on your hard disk. ----------------------------------------------------------------------- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]