Security Basics mailing list archives

RE: compromised network


From: Francisco Mário Ferreira Custódio <fcustodio () eda pt>
Date: Wed, 7 Jan 2004 15:47:24 -0100

Hi Dana,

I'm happy to know that you got the help needed. 
It's a very good start when the managers feel the need to spend money to
secure the networks. Most of them decide to do that only when they've been
attacked... anyway... It's good that they understood the need for security.


Stay well.

Francisco.

-----Original Message-----
From: Dana Rawson [mailto:absolutezero273c () nzoomail com] 
Sent: Tuesday, 6 January 2004 14:09
To: security-basics () securityfocus com
Subject: Re: compromised network

In-Reply-To:
<A80C06D433676A42A2D8B144E5B2920DAC24 () server superiorholidayadventures ca>

I want to thank everyone for their help, direction, information and opinions
related to my original posting.

Everyone's input did assist me in determining my focus and direction.

It appears as though the original point of entry was an improper
configuration by my router consultant allowing for access to the router and,
eventually, the network.

It would appear, at first glance, there was no real damage done, with the
exception of unauthorized programs and files added to certain servers in
order to run the ftp server(s).  However, only time will tell as we begin an
in-depth review.

Regarding Ethereal and capturing packets: even though this is the first time
I have ever looked at this, I was able to identify the unwanted, or
additional, traffic/hardware that was connected to my network.  It did not
assist me in re-securing my network.  But I do now have a snapshot of my
network traffic that I can study for future troubleshooting and additional
learning, and it did provide me with what I was looking for.  A snapshot of all
the network traffic, yes?

Legal actions: none.  Once I realized how many connections were
international I figured it was pointless to pursue.  Adding to that, I
didn't have proper logging in place prior to the incident.

One good thing that has come out of this is that I now have the approval to
spend whatever I feel necessary to upgrade network security.

Cheers,

Dana
