Iptables to lock down compromised server to a single IP

Posted by ollybee on Server Fault
Published on 2013-07-01T09:16:26Z Indexed on 2013/07/01 10:23 UTC

I have a Linux server which is compromised; I can see nasty-looking Perl scripts executing with root privileges. I want to get some data off it before I wipe it. How can I block all inbound and outbound traffic except for my IP? It's a CentOS server; I assume I can do this with iptables?

I'm aware that as the server is rooted there is a possibility that attackers could have made changes on the server that would prevent this from working. I'll be testing to make sure and only have the server online for a couple of hours before it is nuked.

© Server Fault or respective owner
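
The containment the question asks for, as an added example that is not part of the original post: shell functions that print `iptables-restore` rulesets with a default-drop policy on every filter chain and one allowed IPv4 peer, plus an all-drop IPv6 ruleset so IPv6 is not left open. The function names and the address 203.0.113.10 (a documentation address) are assumptions.

```shell
#!/bin/sh
# Added example: emit iptables-restore rulesets that isolate a host to one peer.
# Constructed usage (203.0.113.10 is a documentation placeholder address):
#   lockdown_rules 4 203.0.113.10 | iptables-restore
#   lockdown_rules 6 | ip6tables-restore

valid_ipv4() {
    # Reject empty input and anything but digits and dots (also blocks
    # embedded newlines that could smuggle extra rules into the output).
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    # Exactly four octets, each 1-3 digits and at most 255.
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i + 0 > 255) exit 1 }'
}

drop_policies() {
    # Default-drop on every built-in chain of the filter table.
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT DROP [0:0]'
}

lockdown_rules() {
    # $1 = address family (4 or 6); $2 = the one allowed IPv4 peer (family 4).
    case "$1" in
    4)
        valid_ipv4 "$2" || { echo "invalid IPv4 address" >&2; return 1; }
        drop_policies
        # Stateless allow in both directions, so no connection-tracking
        # match is needed and an existing session from the peer keeps working.
        printf '%s\n' "-A INPUT -s $2/32 -j ACCEPT" "-A OUTPUT -d $2/32 -j ACCEPT"
        ;;
    6)
        # No IPv6 exception at all: without this, IPv6 would stay open.
        drop_policies
        ;;
    *)
        echo "family must be 4 or 6" >&2; return 1
        ;;
    esac
    printf '%s\n' 'COMMIT'
}
```

`iptables-restore` replaces the existing contents of the filter table with this ruleset; other tables are left as they are. Loopback is not allowed either, so local services that talk over 127.0.0.1 stop working while the rules are loaded.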
