Security Basics mailing list archives

Re: compromised network


From: Dana Rawson <absolutezero273c () nzoomail com>
Date: 6 Jan 2004 15:09:24 -0000

In-Reply-To: <A80C06D433676A42A2D8B144E5B2920DAC24 () server superiorholidayadventures ca>

I want to thank everyone for their help, direction, information and opinions related to my original posting.

Everyone's input did assist me in determining my focus and direction.

It appears as though the original point of entry was an improper configuration by my router consultant allowing for 
access to the router and, eventually, the network.

It would appear, at first glance, there was no real damage done, with the exception of unauthorized programs and files 
added to certain servers in order to run the ftp server(s).  However, only time will tell as we begin an in-depth 
review.

Regarding Ethereal and capturing packets: even though this is the first time I have ever looked at this, I was able to 
identify the unwanted, or additional, traffic/hardware that was connected to my network.  It did not assist me in 
resecuring my network.  But I do now have a snapshot of my network traffic that I can study for future troubleshooting 
and additional learning and did provide me with what I was looking for.  A snapshot of all the network traffic, yes?

Legal actions: none.  Once I realized how many connections were international I figured it was pointless to pursue.  
Adding to that, I didn't have proper logging in place prior to the incident.

One good thing that has come out of this is that I now have the approval to spend whatever I feel necessary to 
upgrade network security.

Cheers,

Dana
