Security Basics mailing list archives
RE: compromised network
From: Francisco Mário Ferreira Custódio <fcustodio () eda pt>
Date: Wed, 7 Jan 2004 15:47:24 -0100
Hi Dana,

I'm happy to know that you got the help needed. It's a very good start when the managers feel the need to spend money to secure the networks. Most of them decide to do that only when they've been attacked... anyway... It's good that they understood the need for security.

Stay well.
Francisco.

-----Original Message-----
From: Dana Rawson [mailto:absolutezero273c () nzoomail com]
Sent: Tuesday, 6 January 2004 14:09
To: security-basics () securityfocus com
Subject: Re: compromised network

In-Reply-To: <A80C06D433676A42A2D8B144E5B2920DAC24 () server superiorholidayadventures ca>

I want to thank everyone for their help, direction, information and opinions related to my original posting. Everyone's input did assist me in determining my focus and direction.

It appears as though the original point of entry was an improper configuration by my router consultant allowing for access to the router and, eventually, the network. It would appear, at first glance, there was no real damage done, with the exception of unauthorized programs and files added to certain servers in order to run the ftp server(s). However, only time will tell as we begin an in-depth review.

Regarding Ethereal and capturing packets: even though this is the first time I have ever looked at this, I was able to identify the unwanted, or additional, traffic/hardware that was connected to my network. It did not assist me in resecuring my network. But I do now have a snapshot of my network traffic that I can study for future troubleshooting and additional learning, and it did provide me with what I was looking for. A snapshot of all the network traffic, yes?

Legal actions: none. Once I realized how many connections were international I figured it was pointless to pursue. Adding to that, I didn't have proper logging in place prior to the incident.

One good thing that has come out of this is that I now have the approval to spend whatever I feel necessary to upgrade network security.

Cheers,
Dana