Good thinking, I did that now.

On Sun, Mar 8, 2015 at 2:34 PM, Josh Luthman <[email protected]> wrote:

> I'd turn off the portal change mac thing for now. I'd bet there's a wrong
> variable type and it's looping around.
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
> On Mar 8, 2015 3:24 PM, "That One Guy" <[email protected]> wrote:
>
>> I can replicate the issue, I opened a ticket with powercode, just want
>> input since weekend support is billable.
>> Yes, powercode is pretty much a big DHCP server with reservations,
>> customers have static reservations, the portal allows them to change their
>> MAC address if they change their device.
>>
>> I've never seen this IP space before. The red flag is that
>> Commerzbank is affiliated with bitcoin mining, not that that industry has
>> any nefarious activity going on ever (maybe powercode way back in Utah had
>> been using the spare processing power on their customers' billing servers to
>> mine bitcoins, it would explain how come billing servers always ran heavy).
>>
>> I'm just suspicious by nature of anything I don't recognize, and when it's
>> made a change to a system housing customer data, I get really nervous. Our
>> firewall is pretty restrictive in what actually gets to the billing server.
>> That's where I'm headed next, to review those logs.
>>
>> On Sun, Mar 8, 2015 at 2:13 PM, Josh Luthman <[email protected]>
>> wrote:
>>
>>> Customers replace the 1 MAC they get in the event they change their
>>> router or sometimes PCs. This is done with DHCP leases.
>>>
>>> Josh Luthman
>>> Office: 937-552-2340
>>> Direct: 937-552-2343
>>> 1100 Wayne St
>>> Suite 1337
>>> Troy, OH 45373
>>>
>>> On Sun, Mar 8, 2015 at 3:12 PM, Chuck McCown <[email protected]> wrote:
>>>
>>>> Why would a customer be changing or updating a MAC?
>>>> How are your IPs assigned? NAT? Radius?
>>>>
>>>> *From:* That One Guy <[email protected]>
>>>> *Sent:* Sunday, March 08, 2015 1:06 PM
>>>> *To:* [email protected]
>>>> *Subject:* [AFMUG] Powercode oddity - Commerzbank Ip space
>>>>
>>>> I am able to replicate a small issue we are having, trying to make
>>>> the decision of whether it looks like a security issue or just a bug.
>>>>
>>>> Through powercode, there are two ways to update equipment: through our
>>>> interface, where we select all the details, and through the customer portal,
>>>> where all the customers can do is update their MAC address.
>>>>
>>>> No problems with our end.
>>>>
>>>> However, when a customer updates their MAC address, it is assigning IP
>>>> space that apparently belongs to this Commerzbank IP space 208.74.54.100
>>>> and 208.74.54.99.
>>>>
>>>> This IP space is absolutely not in our system, and wouldn't route
>>>> naturally on our network.
>>>>
>>>> Net Range:    208.74.52.0 - 208.74.55.255
>>>> CIDR:         208.74.52.0/22
>>>> Name:         DKIB-USA
>>>> Handle:       NET-208-74-52-0-1
>>>> Parent:       NET208 (NET-208-0-0-0-0
>>>>               <http://whois.arin.net/rest/net/NET-208-0-0-0-0.html>)
>>>> Net Type:     Direct Assignment
>>>> Origin AS:
>>>> Organization: Commerzbank AG (COMMER-109
>>>>               <http://whois.arin.net/rest/org/COMMER-109.html>)
>>>>
>>>> My initial thoughts are this is some bug in powercode.
>>>>
>>>> Paranoid me is that our system is somehow compromised and rerouting
>>>> illegitimate traffic somehow. Customer is down, so not through them. But
>>>> something like TOR rerouting or some other magician script for the axis of
>>>> evil.
>>>>
>>>> Anybody have any ideas on this? I am debating taking our billing server
>>>> offline, but would hate to take such an extreme measure for what could
>>>> amount to nothing more than a fat finger from a programmer.
>>>>
>>>> --
>>>> If you only see yourself as part of the team but you don't see your
>>>> team as part of yourself you have already failed as part of the team.
>>
>> --
>> If you only see yourself as part of the team but you don't see your team
>> as part of yourself you have already failed as part of the team.

--
If you only see yourself as part of the team but you don't see your team
as part of yourself you have already failed as part of the team.
