Im pretty sure its the mail man again, shes a pretty shady letter carrier :-)
Ive grown up in an ems family, two paramedics, two emt B and i was an emt I, two were also firefighters. Twice now the douchenozzle OB refused to let my paramedic sister deliver for CE, note we are (were at the time)literally the most advanced ems system in the US. And this hospital was the primary training facility. We figure we will tell the OB doc we have this, we only need her for her bloodwork and ultrasound, if they wont give my sis the legally required joy, we will get a dulla or however you spell it and pop the kid in the living room, mother nature trumps modern science in this regard. There have to be a few of you who popped yer youngins outside a hospital. Especially the guys who are joe smith fans. 3 times out i think we are the ones in charge. On May 9, 2017 3:59 PM, "Lewis Bergman" <lewis.berg...@gmail.com> wrote: > I hope you know the source of the infection...if not...awkward... Conrats! > > On Tue, May 9, 2017 at 1:41 PM Darren Shea <darr...@ecpi.com> wrote: > >> Even after seeing the stick, it didn’t quite register until I re-read >> everything you’d typed in this thread - clever! Congratulations! >> >> >> >> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Steve Jones >> *Sent:* Tuesday, May 09, 2017 10:56 AM >> >> >> *To:* af@afmug.com >> *Subject:* Re: [AFMUG] OT: firewall maintenance >> >> >> >> Hers the initial diagnostic output >> >> >> >> On May 9, 2017 9:52 AM, "Steve Jones" <thatoneguyst...@gmail.com> wrote: >> >> There is only one infected device. The malicious code that is replicating >> is directly attached to the command and control node. I know a lot of >> people would simply CleanSweep, but we just don't feel that is an >> appropriate step. There may be an IOT baby monitor that gets swept up in >> all this before its over in December. >> >> On Tue, May 9, 2017 at 7:34 AM, David Milholen <dmilho...@wletc.com> >> wrote: >> >> As any virus running on a network it has a pattern weather it be dormant >> on the network at times or not. >> >> Identify the pattern and where it is trying to phone home to and isolate >> it from phoning home. Then Clean sweep the machines you have control of. >> >> The worst part of any of this is that IOT devices IE(ip cameras,dvrs, >> tempature monitors and others) are the real threat as they have weak basic >> code that is open to the network. >> >> Isolation will be your best bet. This will prevent DDOS attacks on one >> front but doesnt stop new viruses from entering. >> >> >> >> >> >> On 5/8/2017 10:34 PM, Steve Jones wrote: >> >> an addendum to this, there are two primay variants to the payload. One >> tends to be much more aggressive, a much more roughly defined code, not all >> that pretty, but ultimately very versatile and robust. The other is >> normally more elegant in design, but it tends to be visciously malicious, >> this is the one to be most concerned of. Its underlying code has started >> wars and destroyed nations >> >> >> >> On Mon, May 8, 2017 at 9:49 PM, Steve Jones <thatoneguyst...@gmail.com> >> wrote: >> >> So this weekend I discovered a Trojan virus on my network. Sometime >> around January we had opted to remove an old firewall that had met its >> product life cycles end. We were still in the process of deciding whether >> to continue with temporary firewalls or look toward more robust >> input/output chain policies for a hardened, more permanent solution. In the >> mean time, of course, we continued to do the upload/download thing. We had >> some suspicion that there was something going on, we noted alot of >> broadcast storms, particularly in the mornings. The network had become >> particularly sluggish and there seemed to be alot of application bloat, >> initially i just attributed this to poor code maintenance resulting in a >> memory leak. >> >> We did a basic Netstat this weekend and discovered a traffic anomaly. So >> we went to a professional and had them run a packet sniffer. We had >> verification of foreign code, likely for as long as 6-8 weeks. >> >> It will be layer 3 in this case but its too early to tell whether this >> codes payload will be TCP or UDP, we will be monitoring as the code >> replicates. This is a pretty common virus, as a matter of fact we have all >> had it at one point, probably so long ago we dont even remember. We >> anticipate The fully formed packet chain to leave NAT mode and be fully >> routed out to the WAN in December. >> >> >> >> >> >> -- >> >
