Classnotes | UNIX03 | RecentChanges | Preferences If you have a cracker on your system (or suspect you do) and simply want to pull the plug on them, there are a number of techniques you could do. From least to most extreme, a selection of them are as follows:
Block the offending IP: Using the knowledge learned when we studied IPTABLES, you can shut someone out of your system by issuing a simple iptables command. This has the advantage of leaving your system running while locking out the offending user.
Disable the Affected Service: You can also shut down any affected service by killing it.
Disable the Affected Port(s): You can use IPTABLES to lock down any affected ports.
Elliminate all but a select few ports: You can use IPTABLES to lock down all but a few key administrative ports (such as SSH).
Lock out all but a select few sources: You can use IPTABLES to lock out all internet address sources except for a few deemed "safe" (such as another network behind the firewall, or an administrator's desktop machine).
Lock out all sources: You can use IPTABLES to lock out all incoming sources.
Lock out all outgoing communication: If the cracker has a process running on your machine, simply locking out incoming communication will not prevent them from getting some acces to your machine. In this case, you can use IPTABLES to prohibit outgoing communication.
Shut down the network interface: Issue something like ifconfig down eth0 and bring the affected interface down.
Shut down the computer: Issue a halt or shutdown -h now.
Pull the network plug: Well... you can physically pull the network plug... but if you still have malicious and unchecked processes that prevent you from shutting the system down then you may want to...
Pull the power: In the most extreme cases where shutdowns are intercepted and nullified, then you have no other choice than to physically cut power to the machine.
