I’ve got a customer with a bugged laptop. No biggie, sending spam. I haven’t quite tracked that down yet, looks like it is logging into a remote server on 443, nothing obvious.
What I’ve noticed that brought me to bring this to the list is that it is currently 192.168.0.50 on my office network, probing 192.168.1.4 through 6 on SNMP (doesn’t exist on my network, only on my sandbox that this laptop can’t see at all, nothing has been on my sandbox in weeks), also pinging my edge, though not my local edge, my network edge on its internal IP of 10.0.11.1. The customer’s IP address is on the 10.0.22.0/24 subnet, two hops to 10.0.11.0/24. At my office it is two hops from 192.168.0.0/24 to 10.0.11.1. If it was some form of a hack you’d figure they’d go by my public IP, though I suppose they’re looking for the possibility of not being secured on the inside. Just throwing this out there, looked interesting and weird to me.