Rural customer. Just about the only neighbor that could have gotten on their
WIFI just died in their early 90s.
No idea.
I think it is just a 100% misdiagnosis by non-IT guys. I’m trying to get the
info myself.
>From what I’ve been able to put together it sounds like someone has their
>login and password to their email accounts.
Still need all of the info.
I guess that 90+ year old could have been taking in side money as a spammer,
but...
From: That One Guy /sarcasm
Sent: Tuesday, February 09, 2016 10:01 PM
To: af@afmug.com
Subject: Re: [AFMUG] Odd situation
dish probably connected some smart tv/roku/wifi extender in an unsecured
fashion to their network and never told the customer about it, and it has since
been hijacked and is relaying spam
On Tue, Feb 9, 2016 at 9:38 PM, Glen Waldrop <gwl...@cngwireless.net> wrote:
First and foremost my office is a computer service, so bugged computers come
through here 24/7. It is my job.
The whole point of that was to monitor what it was doing.
Digging in to the IP’s it was communicating with, the secure connection was
to Microsoft. Windows 8 and 10 have to call home to big brother constantly. Not
a fan.
Looks like yet another “the sky is falling, fix it, it is pwned beyond
belief” was sent to my office with pretty much nothing wrong with it. I went
through it multiple times, all I found was the Inbox toolbar. Watched it on
torch for 5 hours, nothing but Microsoft and the SNMP traffic, no emails, nada.
The SNMP queries coming from it still puzzle me, though it is likely the
laptop is trying to monitor his home security system or something.
Long story short, the laptop was sent to me because supposedly they’re
sending 17k spam a day from their IP. Problem is they’re on my Internet and the
IP in question belongs to Dish network, which they do have as a backup, but
wasn’t even connected at the time.
Looks like a whole lot of misdiagnosis by non-IT guys.
From: Eric Kuhnke
Sent: Tuesday, February 09, 2016 4:37 PM
To: af@afmug.com
Subject: Re: [AFMUG] Odd situation
only the second most preposterous part of the movie, after the part where
javier bardem escapes and detonates the floor of a london tube tunnel at
precisely the right time, causing the train to chase bond...
Q is supposed to be a genius level intellect and network security/blackhat,
yet he plugs the device into their secure network?
nevermind all the fancy eye candy GUI hacking crap which is required because
it's hollywood...
On Tue, Feb 9, 2016 at 2:35 PM, Cameron Crum <cc...@wispmon.com> wrote:
Didn't this happen in Skyfall?
On Tue, Feb 9, 2016 at 4:33 PM, Josh Luthman <j...@imaginenetworksllc.com>
wrote:
+1
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373
On Feb 9, 2016 5:29 PM, "Eric Kuhnke" <eric.kuh...@gmail.com> wrote:
you brought a known-infected laptop into your office and plugged it
into your LAN? uhhh... okay.....
http://www.dban.org/
the port 443 connection is probably command and control for some
variety of rootkit/APT.
On Tue, Feb 9, 2016 at 10:00 AM, Glen Waldrop <gwl...@cngwireless.net>
wrote:
I’ve got a customer with a bugged laptop. Not biggie, sending spam.
I haven’t quite tracked that down yet, looks like it is logging into
a remote server on 443, nothing obvious.
What I’ve noticed that brought me to bring this to the list is that
it is currently 192.168.0.50 on my office network, probing 192.168.1.4 through
6 on SNMP (doesn’t exist on my network, only on my sandbox that this laptop
can’t see at all, nothing has been on my sandbox in weeks), also pinging my
edge, though not my local edge, my network edge on it’s internal IP of
10.0.11.1.
The customer’s IP address is on the 10.0.22.0/24 subnet, two hops to
10.0.11.0/24. At my office it is two hops from 192.168.0.0/24 to 10.0.11.1.
If it was some form of a hack you’d figured they’d go by my public
IP, though I suppose they’re looking for the possibility of not being secured
on the inside.
Just throwing this out there, looked interesting and weird to me.
--
If you only see yourself as part of the team but you don't see your team as
part of yourself you have already failed as part of the team.
