On Sun, 2 Oct 2005 22:57:25 -0700
Jared Hall <[EMAIL PROTECTED]> wrote:
> It looks like I am being rooted right now.  How do I toss this guy off
> of my system.  he has an IP address of 210.95.212.131

It's happening here. I've logged thousands of attempts from chinanet
and kornet within the last few days. I've reported (as if that would do
any good) with "Free Tibet" and of course copies of the log - 500K in
one instance(!) but am more interested in just blocking their
entire /24 if need be.

The question is - how?

IP 210.95.212.131 (using whois) belongs to pubnet.ne.kr. I'd send a
heads up email to [EMAIL PROTECTED] and CC it to [EMAIL PROTECTED]

> Please get back to me fast.  I took the compilers off of the system,

If you only see "Failed attempt" then you're probably safe - there are
probably script kiddies running password sniffers or crackers. Note the
port(s) tried - in my case they are non-standard ones - and block them
with your firewall. Check and/or install chkrootkit.

I certainly hope you're not infected, and if so, you'll need to
reinstall.

> Jared


-- 
------------------------------------------------------------------------
David E. Fox                              Thanks for letting me
[EMAIL PROTECTED]                            change magnetic patterns
[EMAIL PROTECTED]               on your hard disk.
-----------------------------------------------------------------------


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to