Didn't this happen in Skyfall?

On Tue, Feb 9, 2016 at 4:33 PM, Josh Luthman <j...@imaginenetworksllc.com>
wrote:

> +1
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
> On Feb 9, 2016 5:29 PM, "Eric Kuhnke" <eric.kuh...@gmail.com> wrote:
>
>> you brought a known-infected laptop into your office and plugged it into
>> your LAN?  uhhh... okay.....
>>
>> http://www.dban.org/
>>
>> the port 443 connection is probably command and control for some variety
>> of rootkit/APT.
>>
>>
>>
>> On Tue, Feb 9, 2016 at 10:00 AM, Glen Waldrop <gwl...@cngwireless.net>
>> wrote:
>>
>>> I’ve got a customer with a bugged laptop. Not biggie, sending spam.
>>>
>>> I haven’t quite tracked that down yet, looks like it is logging into a
>>> remote server on 443, nothing obvious.
>>>
>>> What I’ve noticed that brought me to bring this to the list is that it
>>> is currently 192.168.0.50 on my office network, probing 192.168.1.4 through
>>> 6 on SNMP (doesn’t exist on my network, only on my sandbox that this laptop
>>> can’t see at all, nothing has been on my sandbox in weeks), also pinging my
>>> edge, though not my local edge, my network edge on it’s internal IP of
>>> 10.0.11.1.
>>>
>>> The customer’s IP address is on the 10.0.22.0/24 subnet, two hops to
>>> 10.0.11.0/24. At my office it is two hops from 192.168.0.0/24 to
>>> 10.0.11.1.
>>>
>>> If it was some form of a hack you’d figured they’d go by my public IP,
>>> though I suppose they’re looking for the possibility of not being secured
>>> on the inside.
>>>
>>> Just throwing this out there, looked interesting and weird to me.
>>>
>>>
>>

Reply via email to