I cannot believe you haha! Great way to announce a pregnancy lol 😂😂

On Tue, May 9, 2017 at 6:13 PM Joe Novak <jno...@lrcomm.com> wrote:

> LOL. Excellent delivery. Congrats Steve!
>
> On Tue, May 9, 2017 at 10:56 AM, Steve Jones <thatoneguyst...@gmail.com> wrote:
>
>> Here's the initial diagnostic output
>>
>> On May 9, 2017 9:52 AM, "Steve Jones" <thatoneguyst...@gmail.com> wrote:
>>
>>> There is only one infected device. The malicious code that is replicating is directly attached to the command and control node. I know a lot of people would simply CleanSweep, but we just don't feel that is an appropriate step. There may be an IOT baby monitor that gets swept up in all this before it's over in December.
>>>
>>> On Tue, May 9, 2017 at 7:34 AM, David Milholen <dmilho...@wletc.com> wrote:
>>>
>>>> As any virus running on a network, it has a pattern, whether it be dormant on the network at times or not.
>>>>
>>>> Identify the pattern and where it is trying to phone home to, and isolate it from phoning home. Then Clean sweep the machines you have control of.
>>>>
>>>> The worst part of any of this is that IOT devices, i.e. IP cameras, DVRs, temperature monitors and others, are the real threat, as they have weak basic code that is open to the network.
>>>>
>>>> Isolation will be your best bet. This will prevent DDOS attacks on one front but doesn't stop new viruses from entering.
>>>>
>>>> On 5/8/2017 10:34 PM, Steve Jones wrote:
>>>>
>>>> An addendum to this: there are two primary variants to the payload. One tends to be much more aggressive, a much more roughly defined code, not all that pretty, but ultimately very versatile and robust. The other is normally more elegant in design, but it tends to be viciously malicious; this is the one to be most concerned about. Its underlying code has started wars and destroyed nations.
>>>>
>>>> On Mon, May 8, 2017 at 9:49 PM, Steve Jones <thatoneguyst...@gmail.com> wrote:
>>>>
>>>>> So this weekend I discovered a Trojan virus on my network. Sometime around January we had opted to remove an old firewall that had met its product life cycle's end. We were still in the process of deciding whether to continue with temporary firewalls or look toward more robust input/output chain policies for a hardened, more permanent solution. In the meantime, of course, we continued to do the upload/download thing. We had some suspicion that there was something going on; we noted a lot of broadcast storms, particularly in the mornings. The network had become particularly sluggish and there seemed to be a lot of application bloat; initially I just attributed this to poor code maintenance resulting in a memory leak.
>>>>>
>>>>> We did a basic Netstat this weekend and discovered a traffic anomaly. So we went to a professional and had them run a packet sniffer. We had verification of foreign code, likely for as long as 6-8 weeks.
>>>>>
>>>>> It will be layer 3 in this case, but it's too early to tell whether this code's payload will be TCP or UDP; we will be monitoring as the code replicates. This is a pretty common virus; as a matter of fact we have all had it at one point, probably so long ago we don't even remember. We anticipate the fully formed packet chain to leave NAT mode and be fully routed out to the WAN in December.

--
Darin Steffl
Minnesota WiFi
www.mnwifi.com
507-634-WiFi