Iptables to lock down compromised server to a single ip
Posted by ollybee on Server Fault
Published on 2013-07-01T09:16:26Z
I have a Linux server which is compromised; I can see nasty-looking Perl scripts executing with root privileges. I want to get some data off it before I wipe it. How can I block all inbound and outbound traffic except for my IP? It's a CentOS server; I assume I can do this with iptables?
I'm aware that, as the server is rooted, there is a possibility that attackers could have made changes on the server that would prevent this from working. I'll be testing to make sure and will only have the server online for a couple of hours before it is nuked.
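One way to build the single-IP lockdown asked about above, as an added example that is not part of the original post: it generates an `iptables-restore` ruleset with default-DROP policies and exceptions only for loopback and one admin address. The function names, the script name `lockdown.sh` and the address `203.0.113.10` are placeholders chosen for illustration; it covers the IPv4 filter table and drops IPv6 outright.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset that drops everything
# except loopback and one admin address. Function names are hypothetical.

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the IPv4 filter table: default DROP on every chain, then allow
# loopback and traffic to/from the admin address only.
gen_lockdown_rules() {
    admin_ip=$1
    if ! valid_ipv4 "$admin_ip"; then
        echo "invalid IPv4 address: '$admin_ip'" >&2
        return 1
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -s $admin_ip/32 -j ACCEPT
-A OUTPUT -d $admin_ip/32 -j ACCEPT
COMMIT
EOF
}

# Apply only when asked, e.g.: sh lockdown.sh --apply 203.0.113.10
# iptables-restore flushes the existing filter rules and loads the new set
# in one step, so there is no window with a half-built ruleset.
if [ "${1:-}" = "--apply" ]; then
    rules=$(gen_lockdown_rules "${2:-}") || exit 1
    printf '%s\n' "$rules" | iptables-restore
    # IPv6 is a separate stack: drop it entirely.
    for chain in INPUT FORWARD OUTPUT; do ip6tables -P "$chain" DROP; done
    ip6tables -F
fi
```

Run it from a console or out-of-band session, since a mistyped address cuts off remote access, and a filter on the upstream network device, where one is available, does not depend on the rooted host enforcing its own rules.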
© Server Fault or respective owner