Re: [WISPA] Attempted hack, what would you do?

2006-01-13 Thread Pete Davis

Victoria wrote:



Theoretically, if someone attempted to hack into your network via your
router, say at least ten times, what would you do?  
If you could identify this culprit via logs and IP addresses, where you had

them dead to rights, what would you do?

~V~

 

The times that I have detected attempted hacks, the source IP has always 
been out of my area. I usually will email a cease and desist request 
to the DNS Whois abuse address, and block that address from my firewall. 
If I had a subscriber attempting to break in, I would probably email him 
the logs and ask him what he is trying to do.


Pete Davis
NoDial.net

--
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


RE: [WISPA] Attempted hack, what would you do?

2006-01-13 Thread Victoria Proffer
Let me make it more intriguing, the hacker is an ex-employee or partner...

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Pete Davis
Sent: Friday, January 13, 2006 6:51 AM
To: [EMAIL PROTECTED]; WISPA General List
Subject: Re: [WISPA] Attempted hack, what would you do?

Victoria wrote:

 
Theoretically, if someone attempted to hack into your network via your
router, say at least ten times, what would you do?  
If you could identify this culprit via logs and IP addresses, where you had
them dead to rights, what would you do?

~V~

  

The times that I have detected attempted hacks, the source IP has always 
been out of my area. I usually will email a cease and desist request 
to the DNS Whois abuse address, and block that address from my firewall. 
If I had a subscriber attempting to break in, I would probably email him 
the logs and ask him what he is trying to do.

Pete Davis
NoDial.net

-- 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


-- 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


RE: [WISPA] Attempted hack, what would you do?

2006-01-13 Thread Jack Weinberg
I believe the local police or DA's office is the starting point .  Does you
router route thru to a computer with credit  card info??  If so it becomes a
possible ID theft issue

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Behalf Of Victoria Proffer
Sent: Friday, January 13, 2006 8:48 AM
To: 'WISPA General List'
Subject: RE: [WISPA] Attempted hack, what would you do?


Let me make it more intriguing, the hacker is an ex-employee or partner...

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Pete Davis
Sent: Friday, January 13, 2006 6:51 AM
To: [EMAIL PROTECTED]; WISPA General List
Subject: Re: [WISPA] Attempted hack, what would you do?

Victoria wrote:


Theoretically, if someone attempted to hack into your network via your
router, say at least ten times, what would you do?
If you could identify this culprit via logs and IP addresses, where you had
them dead to rights, what would you do?

~V~



The times that I have detected attempted hacks, the source IP has always
been out of my area. I usually will email a cease and desist request
to the DNS Whois abuse address, and block that address from my firewall.
If I had a subscriber attempting to break in, I would probably email him
the logs and ask him what he is trying to do.

Pete Davis
NoDial.net

--
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


--
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/

--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.371 / Virus Database: 267.14.17 - Release Date: 1/10/2006

--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.371 / Virus Database: 267.14.17 - Release Date: 1/10/2006

-- 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


RE: [WISPA] Attempted hack, what would you do?

2006-01-13 Thread Jonathan Schmidt
A lot of what looks like hacking/scanning can be the NIMBDA virus or other
infections.  Given that there were probably scattered traces of your
domain remaining in the other computer, it could have been a virus within
it.

Perhaps not.

. . . j o n a t h a n

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Behalf Of Cliff Leboeuf
Sent: Friday, January 13, 2006 9:22 AM
To: [EMAIL PROTECTED]; WISPA General List
Subject: RE: [WISPA] Attempted hack, what would you do?


If it were an ex-employee of mine, I would notify the local authorities
about his unlawful attempts. I would also send a certified letter to him
outlining what you know (not what you think or suspect), and what you
will do if it continues. You may even submit to him your proof as
evidence you are serious.
- Cliff


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Victoria Proffer
Sent: Friday, January 13, 2006 7:48 AM
To: 'WISPA General List'
Subject: RE: [WISPA] Attempted hack, what would you do?

Let me make it more intriguing, the hacker is an ex-employee or
partner...

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Pete Davis
Sent: Friday, January 13, 2006 6:51 AM
To: [EMAIL PROTECTED]; WISPA General List
Subject: Re: [WISPA] Attempted hack, what would you do?

Victoria wrote:


Theoretically, if someone attempted to hack into your network via your
router, say at least ten times, what would you do?
If you could identify this culprit via logs and IP addresses, where you
had
them dead to rights, what would you do?

~V~



The times that I have detected attempted hacks, the source IP has always

been out of my area. I usually will email a cease and desist request
to the DNS Whois abuse address, and block that address from my firewall.

If I had a subscriber attempting to break in, I would probably email him

the logs and ask him what he is trying to do.

Pete Davis
NoDial.net

--
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


--
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/
--
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/



-- 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] Attempted hack, what would you do?

2006-01-13 Thread rcomroe
He could tell 100 others whatever access he knows.  Again, what difference 
does it make if its him or someone else he's passed info to?  I'd repassword 
every device in the network that he knew access to.  Systemwide 
repasswording is an advanced topic, but something that can be automated.

http://www.comroestudios.com/repasswording/

I presume you're not running Canopy, but the point is if I can create a 
management automation that repasswords one brand of devices, it's possible 
to automate repasswording to any managable devices.

Rich


- Original Message - 
From: Victoria Proffer [EMAIL PROTECTED]
To: 'WISPA General List' wireless@wispa.org
Sent: Friday, January 13, 2006 7:48 AM
Subject: RE: [WISPA] Attempted hack, what would you do?


Let me make it more intriguing, the hacker is an ex-employee or partner...

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Pete Davis
Sent: Friday, January 13, 2006 6:51 AM
To: [EMAIL PROTECTED]; WISPA General List
Subject: Re: [WISPA] Attempted hack, what would you do?

Victoria wrote:


Theoretically, if someone attempted to hack into your network via your
router, say at least ten times, what would you do?
If you could identify this culprit via logs and IP addresses, where you had
them dead to rights, what would you do?

~V~



The times that I have detected attempted hacks, the source IP has always
been out of my area. I usually will email a cease and desist request
to the DNS Whois abuse address, and block that address from my firewall.
If I had a subscriber attempting to break in, I would probably email him
the logs and ask him what he is trying to do.

Pete Davis
NoDial.net

-- 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


-- 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/ 

--
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


RE: [WISPA] Attempted hack, what would you do?

2006-01-13 Thread Victoria
No cc info, but network info, but this group could be considered a
competitor and would only be hacking to shut my service down.  Already have
a call into the FBI. 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Jack Weinberg
Sent: Friday, January 13, 2006 8:24 AM
To: [EMAIL PROTECTED]; WISPA General List
Subject: RE: [WISPA] Attempted hack, what would you do?

I believe the local police or DA's office is the starting point .  Does you
router route thru to a computer with credit  card info??  If so it becomes a
possible ID theft issue

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Behalf Of Victoria Proffer
Sent: Friday, January 13, 2006 8:48 AM
To: 'WISPA General List'
Subject: RE: [WISPA] Attempted hack, what would you do?


Let me make it more intriguing, the hacker is an ex-employee or partner...

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Pete Davis
Sent: Friday, January 13, 2006 6:51 AM
To: [EMAIL PROTECTED]; WISPA General List
Subject: Re: [WISPA] Attempted hack, what would you do?

Victoria wrote:


Theoretically, if someone attempted to hack into your network via your 
router, say at least ten times, what would you do?
If you could identify this culprit via logs and IP addresses, where you 
had them dead to rights, what would you do?

~V~



The times that I have detected attempted hacks, the source IP has always
been out of my area. I usually will email a cease and desist request to
the DNS Whois abuse address, and block that address from my firewall.
If I had a subscriber attempting to break in, I would probably email him the
logs and ask him what he is trying to do.

Pete Davis
NoDial.net

--
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


--
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/

--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.371 / Virus Database: 267.14.17 - Release Date: 1/10/2006

--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.371 / Virus Database: 267.14.17 - Release Date: 1/10/2006

--
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/

-- 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


RE: [WISPA] Attempted hack, what would you do?

2006-01-13 Thread Victoria
This gets good, now he has informed his attorney that it was an attempt to
setup remote desktop...LOL, he has an MCSE!

~V~ 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Cliff Leboeuf
Sent: Friday, January 13, 2006 9:22 AM
To: [EMAIL PROTECTED]; WISPA General List
Subject: RE: [WISPA] Attempted hack, what would you do?

If it were an ex-employee of mine, I would notify the local authorities
about his unlawful attempts. I would also send a certified letter to him
outlining what you know (not what you think or suspect), and what you will
do if it continues. You may even submit to him your proof as evidence you
are serious.
- Cliff
 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Victoria Proffer
Sent: Friday, January 13, 2006 7:48 AM
To: 'WISPA General List'
Subject: RE: [WISPA] Attempted hack, what would you do?

Let me make it more intriguing, the hacker is an ex-employee or partner...

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Pete Davis
Sent: Friday, January 13, 2006 6:51 AM
To: [EMAIL PROTECTED]; WISPA General List
Subject: Re: [WISPA] Attempted hack, what would you do?

Victoria wrote:

 
Theoretically, if someone attempted to hack into your network via your 
router, say at least ten times, what would you do?
If you could identify this culprit via logs and IP addresses, where you
had
them dead to rights, what would you do?

~V~

  

The times that I have detected attempted hacks, the source IP has always

been out of my area. I usually will email a cease and desist request to
the DNS Whois abuse address, and block that address from my firewall.

If I had a subscriber attempting to break in, I would probably email him

the logs and ask him what he is trying to do.

Pete Davis
NoDial.net

--
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


--
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/
--
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/

-- 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


RE: [WISPA] Attempted hack, what would you do?

2006-01-12 Thread Chadd Thompson
Happens every day on our network. I get about 500 to 1000 hits a day on our
servers/router logs of ppl port scanning and or running log in scripts
trying to crack a username/pass. I have only turned a few in to thier ISP's
abuse address and never heard anything from it except for a canned message
here and there. Doesn't seem like anyone cares. Most hack attempts come from
SBC DSL or china it seems.

As far as I know I have only been hacked once, and it was my own fault. I
had a FreeBSD box that I was doing some testing on and I forgot about it and
left it on the Public side of the network. I had set up a user account with
the same username and Pass.Well someone ran a script on it and got in the
server. I didn't realize it until my MRTG router graph went crazy for a day
with a large amount of traffic. I tracked it down to the box I forgot about
and figured out what happened. They were uploading a bunch of stuff to the
box through FTP. I did turn them into thier ISP but never heard anything
from it.

Chadd

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Behalf Of Victoria
Sent: Thursday, January 12, 2006 9:48 PM
To: 'WISPA General List'
Subject: [WISPA] Attempted hack, what would you do?



Theoretically, if someone attempted to hack into your network via your
router, say at least ten times, what would you do?
If you could identify this culprit via logs and IP addresses, where you had
them dead to rights, what would you do?

~V~

--
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/
--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.371 / Virus Database: 267.14.17/227 - Release Date: 1/11/2006

--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.371 / Virus Database: 267.14.17/227 - Release Date: 1/11/2006

-- 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/