[svlug] Intrusion detected: What's the best response

Scott DuBois linux at roguehorse.com
Mon Jun 9 14:50:09 PDT 2014


On 06/09/2014 01:11 PM, Karen Shaeffer wrote:
> On Mon, Jun 09, 2014 at 09:37:06AM +0100, Sanatan Rai wrote:
>> Hi All,
>>    Yesterday, my router was hacked.
>>
>>     The router's logs are terrible, not much information there.
>> However, I am sure that there was an intrusion because the router
>> permits only one login as admin irrespective of protocol
>> (telnet/https). When I tried to log in last night, the login was
>> rejected saying that the admin was already logged in from an IP which
>> I later traced as being in China.
>>
>>     My response was to disconnect the router from the phone line, so I
>> am no longer connected to the internet at home (this email is being
>> written at work).
>>
> 
> Hi Sanatan,
> Be aware, it is common practice today for sophisticated corporate attacks to
> begin by cracking employees. Then they get inside the corporate network
> via the employee. I suggest it is prudent to think about that possibility.
> 
> enjoy,
> Karen
> 

Oh man!

Now this scenario would not surprise me at all. Would it not be a
complete kick in the pants to have all this data caught on an NDS?

-- 
Scott DuBois
President EBLUG
BSIT Software Engineering
Freenode: Roguehorse
