Didn't this happen in Skyfall?

On Tue, Feb 9, 2016 at 4:33 PM, Josh Luthman <j...@imaginenetworksllc.com> wrote:
> +1
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
> On Feb 9, 2016 5:29 PM, "Eric Kuhnke" <eric.kuh...@gmail.com> wrote:
>
>> you brought a known-infected laptop into your office and plugged it into
>> your LAN? uhhh... okay.....
>>
>> http://www.dban.org/
>>
>> the port 443 connection is probably command and control for some variety
>> of rootkit/APT.
>>
>> On Tue, Feb 9, 2016 at 10:00 AM, Glen Waldrop <gwl...@cngwireless.net>
>> wrote:
>>
>>> I’ve got a customer with a bugged laptop. Not biggie, sending spam.
>>>
>>> I haven’t quite tracked that down yet, looks like it is logging into a
>>> remote server on 443, nothing obvious.
>>>
>>> What I’ve noticed that brought me to bring this to the list is that it
>>> is currently 192.168.0.50 on my office network, probing 192.168.1.4 through
>>> 6 on SNMP (doesn’t exist on my network, only on my sandbox that this laptop
>>> can’t see at all, nothing has been on my sandbox in weeks), also pinging my
>>> edge, though not my local edge, my network edge on its internal IP of
>>> 10.0.11.1.
>>>
>>> The customer’s IP address is on the 10.0.22.0/24 subnet, two hops to
>>> 10.0.11.0/24. At my office it is two hops from 192.168.0.0/24 to
>>> 10.0.11.1.
>>>
>>> If it was some form of a hack you’d figure they’d go by my public IP,
>>> though I suppose they’re looking for the possibility of not being secured
>>> on the inside.
>>>
>>> Just throwing this out there, looked interesting and weird to me.