Chuck...that's just gross.

On Thu, May 11, 2017 at 8:28 AM Chuck McCown <ch...@wbmfg.com> wrote:

> I personally delivered 5 of my 8 kids at home.
>
> *From:* Steve Jones
> *Sent:* Wednesday, May 10, 2017 9:09 PM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] OT: firewall maintenance
> I'm pretty sure it's the mailman again, she's a pretty shady letter carrier
> :-)
>
> I've grown up in an EMS family: two paramedics, two EMT-Bs, and I was an
> EMT-I; two were also firefighters.
>
> Twice now the douchenozzle OB refused to let my paramedic sister deliver
> for CE; note we are (were at the time) literally the most advanced EMS
> system in the US, and this hospital was the primary training facility. We
> figure we will tell the OB doc we have this, we only need her for her
> bloodwork and ultrasound; if they won't give my sis the legally required
> joy, we will get a doula (or however you spell it) and pop the kid in the
> living room. Mother nature trumps modern science in this regard.
>
>
> There have to be a few of you who popped yer youngins outside a hospital,
> especially the guys who are Joe Smith fans. Three times out, I think we are
> the ones in charge.
> On May 9, 2017 3:59 PM, "Lewis Bergman" <lewis.berg...@gmail.com> wrote:
>
>> I hope you know the source of the infection...if not...awkward... Congrats!
>>
>> On Tue, May 9, 2017 at 1:41 PM Darren Shea <darr...@ecpi.com> wrote:
>>
>>> Even after seeing the stick, it didn’t quite register until I re-read
>>> everything you’d typed in this thread - clever! Congratulations!
>>>
>>>
>>>
>>> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Steve Jones
>>> *Sent:* Tuesday, May 09, 2017 10:56 AM
>>>
>>>
>>> *To:* af@afmug.com
>>> *Subject:* Re: [AFMUG] OT: firewall maintenance
>>>
>>>
>>>
>>> Here's the initial diagnostic output
>>>
>>>
>>>
>>> On May 9, 2017 9:52 AM, "Steve Jones" <thatoneguyst...@gmail.com> wrote:
>>>
>>> There is only one infected device. The malicious code that is
>>> replicating is directly attached to the command and control node. I know a
>>> lot of people would simply CleanSweep, but we just don't feel that is an
>>> appropriate step. There may be an IoT baby monitor that gets swept up in
>>> all this before it's over in December.
>>>
>>> On Tue, May 9, 2017 at 7:34 AM, David Milholen <dmilho...@wletc.com>
>>> wrote:
>>>
>>> As with any virus running on a network, it has a pattern, whether it be
>>> dormant on the network at times or not.
>>>
>>> Identify the pattern and where it is trying to phone home to, and isolate
>>> it from phoning home. Then clean sweep the machines you have control of.
>>>
>>> The worst part of any of this is that IoT devices (i.e. IP cameras, DVRs,
>>> temperature monitors and others) are the real threat, as they have weak
>>> basic code that is open to the network.
>>>
>>> Isolation will be your best bet. This will prevent DDoS attacks on one
>>> front but doesn't stop new viruses from entering.
>>>
>>>
>>>
>>>
>>>
>>> On 5/8/2017 10:34 PM, Steve Jones wrote:
>>>
>>> An addendum to this: there are two primary variants to the payload. One
>>> tends to be much more aggressive, a much more roughly defined code, not all
>>> that pretty, but ultimately very versatile and robust. The other is
>>> normally more elegant in design, but it tends to be viciously malicious;
>>> this is the one to be most concerned about. Its underlying code has started
>>> wars and destroyed nations.
>>>
>>>
>>>
>>> On Mon, May 8, 2017 at 9:49 PM, Steve Jones <thatoneguyst...@gmail.com>
>>> wrote:
>>>
>>> So this weekend I discovered a Trojan virus on my network. Sometime
>>> around January we had opted to remove an old firewall that had met its
>>> product life cycle's end. We were still in the process of deciding whether
>>> to continue with temporary firewalls or look toward more robust
>>> input/output chain policies for a hardened, more permanent solution. In the
>>> meantime, of course, we continued to do the upload/download thing. We had
>>> some suspicion that there was something going on; we noted a lot of
>>> broadcast storms, particularly in the mornings. The network had become
>>> particularly sluggish and there seemed to be a lot of application bloat.
>>> Initially I just attributed this to poor code maintenance resulting in a
>>> memory leak.
>>>
>>> We did a basic netstat this weekend and discovered a traffic anomaly. So
>>> we went to a professional and had them run a packet sniffer. We had
>>> verification of foreign code, likely for as long as 6-8 weeks.
>>>
>>> It will be layer 3 in this case, but it's too early to tell whether this
>>> code's payload will be TCP or UDP; we will be monitoring as the code
>>> replicates. This is a pretty common virus; as a matter of fact we have all
>>> had it at one point, probably so long ago we don't even remember. We
>>> anticipate the fully formed packet chain to leave NAT mode and be fully
>>> routed out to the WAN in December.
>>>
>>>
>>>
>>>
>>>
>>> --
>>>
>>