Security Basics mailing list archives
Re: compromised network
From: Dana Rawson <absolutezero273c () nzoomail com>
Date: 6 Jan 2004 15:09:24 -0000
In-Reply-To: <A80C06D433676A42A2D8B144E5B2920DAC24 () server superiorholidayadventures ca>

I want to thank everyone for their help, direction, information and opinions related to my original posting. Everyone's input did assist me in determining my focus and direction.

It appears as though the original point of entry was an improper configuration by my router consultant allowing for access to the router and, eventually, the network. It would appear, at first glance, there was no real damage done, with the exception of unauthorized programs and files added to certain servers in order to run the ftp server(s). However, only time will tell as we begin an in-depth review.

Regarding Ethereal and capturing packets: even though this is the first time I have ever looked at this, I was able to identify the unwanted, or additional, traffic/hardware that was connected to my network. It did not assist me in resecuring my network. But I do now have a snapshot of my network traffic that I can study for future troubleshooting and additional learning, and it did provide me with what I was looking for. A snapshot of all the network traffic, yes?

Legal actions: none. Once I realized how many connections were international I figured it was pointless to pursue. Adding to that, I didn't have proper logging in place prior to the incident.

One good thing that has come out of this is that I now have the approval to spend whatever I feel necessary to upgrade network security.

Cheers,
Dana