Hi All
The SonicWall Appliance is a great device. I have many of my customers setup
with it.
I just wanted to clarify "My Web Site", I run my Home/Office website
www.pcforge.com with networkices BlackIce ($39.00), this site was NOT
hacked.
The Site I run at the company I work IS for is www.jjcalibrations.com and
this is running a Cisco 2600 router ($5000.00) with firewall software, this
was hacked.
I have now learned that the term "Fire Wall" is used very loosely.
The difference here is that the cisco routers firewall does stop all access
except the ports you open up, its firewall doesn't do proactive monitoring
like SonicWall or BlackIce Does.
on my Home/office network I run BlackIce on the Web Server and ZoneAlarm Pro
on all workstations and have logged many attempts but no breach.
the hack on the system at work came through port 80 (http) as a standard
HTTP Get...
here is an example from my logs:
----start example-----
61.140.116.84, -, 5/5/01, 3:01:08, W3SVC1, WEBSERVER, 10.0.0.X, 70, 436,
401, 502, 0, GET, /scripts/../../winnt/system32/cmd.exe,
/c+copy+c:\winnt\system32\cmd.exe+c:\inetpub\scripts\hackercn.exe,
----end example ------
Notice how cmd.exe is completely exposed without a big red flag from MS.
There are other lines where he did DIR command and just moseyed around the
website.
I am showing you this, to inform as many as I can.
get a proactive scanning firewall like SonicWall, ZoneAlarm or Black Ice..
NOW!
Ben Johansen
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of Mike Byerley
Sent: Wednesday, May 09, 2001 3:48 PM
To: [EMAIL PROTECTED]
Subject: Re: Security breach
In the past 14 month, SonicWall has generated 366 alerts of hack attempts
on our system.
Mike
----- Original Message -----
From: "Chuck Lockwood" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, May 09, 2001 4:30 PM
Subject: RE: Security breach
> There is a rash of this coming from hackers in China.
>
> http://dailynews.yahoo.com/h/nm/20010501/wr/china_usa_hackers_dc_6.html
>
> Chuck Lockwood
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> LockData Technologies, Inc.
> 309 Main Avenue, Hawley, Pa 18428
> Phone: 570-226-7340 ~ Fax: 570-226-7341
> Email: [EMAIL PROTECTED] ~ http://www.lockdata.com
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
> Behalf Of Jeff Ward
> Sent: Wednesday, May 09, 2001 4:42 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Security breach
>
>
> Manuel,
>
> I believe the FBI is responsible for this type of crime.
>
> Jeff Ward
>
>
> >Hello Everyone,
> >
> >Someone broke into my intranet and replace the default.htm with a page
> >that displays an obsenity. They also replaced or installed default.asp
> >with the same page discussting page.
> >The new page has an email on that could lead to this sick individual.
> >Does anyone know if there are any goverment agencies that investigate
> >this type of activity?
> >
> >Any information would jbe appreciated.
> >Manuel
>
>
