RE: [WISPA] Attempted hack, what would you do?
This gets good, now he has informed his attorney that it was an attempt to setup "remote desktop"...LOL, he has an MCSE! ~V~ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cliff Leboeuf Sent: Friday, January 13, 2006 9:22 AM To: [EMAIL PROTECTED]; WISPA General List Subject: RE: [WISPA] Attempted hack, what would you do? If it were an ex-employee of mine, I would notify the local authorities about his unlawful attempts. I would also send a certified letter to him outlining what you know (not what you think or suspect), and what you will do if it continues. You may even submit to him your proof as evidence you are serious. - Cliff -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Victoria Proffer Sent: Friday, January 13, 2006 7:48 AM To: 'WISPA General List' Subject: RE: [WISPA] Attempted hack, what would you do? Let me make it more intriguing, the hacker is an ex-employee or partner... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete Davis Sent: Friday, January 13, 2006 6:51 AM To: [EMAIL PROTECTED]; WISPA General List Subject: Re: [WISPA] Attempted hack, what would you do? Victoria wrote: > >Theoretically, if someone attempted to hack into your network via your >router, say at least ten times, what would you do? >If you could identify this culprit via logs and IP addresses, where you had >them dead to rights, what would you do? > >~V~ > > > The times that I have detected attempted hacks, the source IP has always been out of my area. I usually will email a "cease and desist" request to the DNS Whois abuse address, and block that address from my firewall. If I had a subscriber attempting to break in, I would probably email him the logs and ask him what he is trying to do. Pete Davis NoDial.net -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
RE: [WISPA] Attempted hack, what would you do?
No cc info, but network info, but this group could be considered a competitor and would only be hacking to shut my service down. Already have a call into the FBI. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jack Weinberg Sent: Friday, January 13, 2006 8:24 AM To: [EMAIL PROTECTED]; WISPA General List Subject: RE: [WISPA] Attempted hack, what would you do? I believe the local police or DA's office is the starting point . Does you router route thru to a computer with credit card info?? If so it becomes a possible ID theft issue -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Victoria Proffer Sent: Friday, January 13, 2006 8:48 AM To: 'WISPA General List' Subject: RE: [WISPA] Attempted hack, what would you do? Let me make it more intriguing, the hacker is an ex-employee or partner... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete Davis Sent: Friday, January 13, 2006 6:51 AM To: [EMAIL PROTECTED]; WISPA General List Subject: Re: [WISPA] Attempted hack, what would you do? Victoria wrote: > >Theoretically, if someone attempted to hack into your network via your >router, say at least ten times, what would you do? >If you could identify this culprit via logs and IP addresses, where you >had them dead to rights, what would you do? > >~V~ > > > The times that I have detected attempted hacks, the source IP has always been out of my area. I usually will email a "cease and desist" request to the DNS Whois abuse address, and block that address from my firewall. If I had a subscriber attempting to break in, I would probably email him the logs and ask him what he is trying to do. Pete Davis NoDial.net -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.371 / Virus Database: 267.14.17 - Release Date: 1/10/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.371 / Virus Database: 267.14.17 - Release Date: 1/10/2006 -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Attempted hack, what would you do?
He could tell 100 others whatever access he knows. Again, what difference does it make if its him or someone else he's passed info to? I'd repassword every device in the network that he knew access to. Systemwide repasswording is an advanced topic, but something that can be automated. http://www.comroestudios.com/repasswording/ I presume you're not running Canopy, but the point is if I can create a management automation that repasswords one brand of devices, it's possible to automate repasswording to any managable devices. Rich - Original Message - From: "Victoria Proffer" <[EMAIL PROTECTED]> To: "'WISPA General List'" Sent: Friday, January 13, 2006 7:48 AM Subject: RE: [WISPA] Attempted hack, what would you do? Let me make it more intriguing, the hacker is an ex-employee or partner... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete Davis Sent: Friday, January 13, 2006 6:51 AM To: [EMAIL PROTECTED]; WISPA General List Subject: Re: [WISPA] Attempted hack, what would you do? Victoria wrote: > >Theoretically, if someone attempted to hack into your network via your >router, say at least ten times, what would you do? >If you could identify this culprit via logs and IP addresses, where you had >them dead to rights, what would you do? > >~V~ > > > The times that I have detected attempted hacks, the source IP has always been out of my area. I usually will email a "cease and desist" request to the DNS Whois abuse address, and block that address from my firewall. If I had a subscriber attempting to break in, I would probably email him the logs and ask him what he is trying to do. Pete Davis NoDial.net -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
RE: [WISPA] Attempted hack, what would you do?
A lot of what looks like hacking/scanning can be the NIMBDA virus or other infections. Given that there were probably scattered traces of your domain remaining in the other computer, it could have been a virus within it. Perhaps not. . . . j o n a t h a n -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Cliff Leboeuf Sent: Friday, January 13, 2006 9:22 AM To: [EMAIL PROTECTED]; WISPA General List Subject: RE: [WISPA] Attempted hack, what would you do? If it were an ex-employee of mine, I would notify the local authorities about his unlawful attempts. I would also send a certified letter to him outlining what you know (not what you think or suspect), and what you will do if it continues. You may even submit to him your proof as evidence you are serious. - Cliff -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Victoria Proffer Sent: Friday, January 13, 2006 7:48 AM To: 'WISPA General List' Subject: RE: [WISPA] Attempted hack, what would you do? Let me make it more intriguing, the hacker is an ex-employee or partner... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete Davis Sent: Friday, January 13, 2006 6:51 AM To: [EMAIL PROTECTED]; WISPA General List Subject: Re: [WISPA] Attempted hack, what would you do? Victoria wrote: > >Theoretically, if someone attempted to hack into your network via your >router, say at least ten times, what would you do? >If you could identify this culprit via logs and IP addresses, where you had >them dead to rights, what would you do? > >~V~ > > > The times that I have detected attempted hacks, the source IP has always been out of my area. I usually will email a "cease and desist" request to the DNS Whois abuse address, and block that address from my firewall. If I had a subscriber attempting to break in, I would probably email him the logs and ask him what he is trying to do. Pete Davis NoDial.net -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
RE: [WISPA] Attempted hack, what would you do?
If it were an ex-employee of mine, I would notify the local authorities about his unlawful attempts. I would also send a certified letter to him outlining what you know (not what you think or suspect), and what you will do if it continues. You may even submit to him your proof as evidence you are serious. - Cliff -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Victoria Proffer Sent: Friday, January 13, 2006 7:48 AM To: 'WISPA General List' Subject: RE: [WISPA] Attempted hack, what would you do? Let me make it more intriguing, the hacker is an ex-employee or partner... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete Davis Sent: Friday, January 13, 2006 6:51 AM To: [EMAIL PROTECTED]; WISPA General List Subject: Re: [WISPA] Attempted hack, what would you do? Victoria wrote: > >Theoretically, if someone attempted to hack into your network via your >router, say at least ten times, what would you do? >If you could identify this culprit via logs and IP addresses, where you had >them dead to rights, what would you do? > >~V~ > > > The times that I have detected attempted hacks, the source IP has always been out of my area. I usually will email a "cease and desist" request to the DNS Whois abuse address, and block that address from my firewall. If I had a subscriber attempting to break in, I would probably email him the logs and ask him what he is trying to do. Pete Davis NoDial.net -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
RE: [WISPA] Attempted hack, what would you do?
I believe the local police or DA's office is the starting point . Does you router route thru to a computer with credit card info?? If so it becomes a possible ID theft issue -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Victoria Proffer Sent: Friday, January 13, 2006 8:48 AM To: 'WISPA General List' Subject: RE: [WISPA] Attempted hack, what would you do? Let me make it more intriguing, the hacker is an ex-employee or partner... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete Davis Sent: Friday, January 13, 2006 6:51 AM To: [EMAIL PROTECTED]; WISPA General List Subject: Re: [WISPA] Attempted hack, what would you do? Victoria wrote: > >Theoretically, if someone attempted to hack into your network via your >router, say at least ten times, what would you do? >If you could identify this culprit via logs and IP addresses, where you had >them dead to rights, what would you do? > >~V~ > > > The times that I have detected attempted hacks, the source IP has always been out of my area. I usually will email a "cease and desist" request to the DNS Whois abuse address, and block that address from my firewall. If I had a subscriber attempting to break in, I would probably email him the logs and ask him what he is trying to do. Pete Davis NoDial.net -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.371 / Virus Database: 267.14.17 - Release Date: 1/10/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.371 / Virus Database: 267.14.17 - Release Date: 1/10/2006 -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
RE: [WISPA] Attempted hack, what would you do?
Let me make it more intriguing, the hacker is an ex-employee or partner... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete Davis Sent: Friday, January 13, 2006 6:51 AM To: [EMAIL PROTECTED]; WISPA General List Subject: Re: [WISPA] Attempted hack, what would you do? Victoria wrote: > >Theoretically, if someone attempted to hack into your network via your >router, say at least ten times, what would you do? >If you could identify this culprit via logs and IP addresses, where you had >them dead to rights, what would you do? > >~V~ > > > The times that I have detected attempted hacks, the source IP has always been out of my area. I usually will email a "cease and desist" request to the DNS Whois abuse address, and block that address from my firewall. If I had a subscriber attempting to break in, I would probably email him the logs and ask him what he is trying to do. Pete Davis NoDial.net -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Attempted hack, what would you do?
Victoria wrote: Theoretically, if someone attempted to hack into your network via your router, say at least ten times, what would you do? If you could identify this culprit via logs and IP addresses, where you had them dead to rights, what would you do? ~V~ The times that I have detected attempted hacks, the source IP has always been out of my area. I usually will email a "cease and desist" request to the DNS Whois abuse address, and block that address from my firewall. If I had a subscriber attempting to break in, I would probably email him the logs and ask him what he is trying to do. Pete Davis NoDial.net -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Attempted hack, what would you do?
We found ftp sessions connected to a radio that we couldn't operate correctly. The IPs were originating from France. In the radio's directory we found the first several minutes of a French movie (someone was obviously amusing themselves trying to see how large a file they could FTP into the radio). This was way back when the first Motorola radios shipped without any password protection at all on Telnet and FTP! What did we do? Put all the radios on privates inside our firewall. What should you do? Figure out a way to block whatever way you're being attacked. What difference does it make whether you know the culprit or not? The point is to learn to block it. Whatever a known culprit can do you're better served changing things so that the same exploit cannot be attacked again by the known culprit ... or anyone else. Rich - Original Message - From: "Victoria" <[EMAIL PROTECTED]> To: "'WISPA General List'" Sent: Thursday, January 12, 2006 9:48 PM Subject: [WISPA] Attempted hack, what would you do? Theoretically, if someone attempted to hack into your network via your router, say at least ten times, what would you do? If you could identify this culprit via logs and IP addresses, where you had them dead to rights, what would you do? ~V~ -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
RE: [WISPA] Attempted hack, what would you do?
Happens every day on our network. I get about 500 to 1000 hits a day on our servers/router logs of ppl port scanning and or running log in scripts trying to crack a username/pass. I have only turned a few in to thier ISP's abuse address and never heard anything from it except for a canned message here and there. Doesn't seem like anyone cares. Most hack attempts come from SBC DSL or china it seems. As far as I know I have only been hacked once, and it was my own fault. I had a FreeBSD box that I was doing some testing on and I forgot about it and left it on the Public side of the network. I had set up a user account with the same username and Pass.Well someone ran a script on it and got in the server. I didn't realize it until my MRTG router graph went crazy for a day with a large amount of traffic. I tracked it down to the box I forgot about and figured out what happened. They were uploading a bunch of stuff to the box through FTP. I did turn them into thier ISP but never heard anything from it. Chadd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Victoria Sent: Thursday, January 12, 2006 9:48 PM To: 'WISPA General List' Subject: [WISPA] Attempted hack, what would you do? Theoretically, if someone attempted to hack into your network via your router, say at least ten times, what would you do? If you could identify this culprit via logs and IP addresses, where you had them dead to rights, what would you do? ~V~ -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.371 / Virus Database: 267.14.17/227 - Release Date: 1/11/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.371 / Virus Database: 267.14.17/227 - Release Date: 1/11/2006 -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/