Re: compromised network

From: Dana Rawson (absolutezero273c_at_nzoomail.com)
Date: 01/06/04

  • Next message: JM: "RE: home wireless router good practices for security"
    Date: 6 Jan 2004 15:09:24 -0000
    To: security-basics@securityfocus.com
    
    
    ('binary' encoding is not supported, stored as-is) In-Reply-To: <A80C06D433676A42A2D8B144E5B2920DAC24@server.superiorholidayadventures.ca>

    I want to thank everyone for their help, direction, information and opinions related to my original posting.

    Everyone's input did assist me in determining my focus and direction.

    It appears as though the original point of entry was an improper configuration by my router consultant allowing for access to the router and, eventually, the network.

    It would appear, at first glance, there was no real damage done, with the exception of unauthorized programs and files added to certain servers in order to run the ftp server(s). However, only time will tell as we begin an in depth review.

    Regarding Ethereal and capturing packets; Even though this is the first time I have ever looked at this I was able to identify the unwanted, or additional, traffic/hardware that was connected to my network. It did not assist me in resecuring my network. But I do now have a snap shot of my network traffic that I can study for future troubleshooting and additional learning and did provide me with what I was looking for. A snap shot of all the network traffic, yes?

    Legal actions: none. Once I realized how many connections were international I figured it was pointless to pursue. Adding to that, I didn't have proper logging in place prior to the incident.

    One good thing that has come out of this, is that I now have the approval to spend what ever I feel necessary to upgrade network security.

    Cheers,

    Dana

    ---------------------------------------------------------------------------
    Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any
    course! All of our class sizes are guaranteed to be 10 students or less.
    We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention,
    and many other technical hands on courses.
    Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off
    any course!
    ----------------------------------------------------------------------------


  • Next message: JM: "RE: home wireless router good practices for security"