[svlug] Intrusion detected: What's the best response
linux at roguehorse.com
Mon Jun 9 14:50:09 PDT 2014
On 06/09/2014 01:11 PM, Karen Shaeffer wrote:
> On Mon, Jun 09, 2014 at 09:37:06AM +0100, Sanatan Rai wrote:
>> Hi All,
>> Yesterday, my router was hacked.
>> The router's logs are terrible, not much information there.
>> However, I am sure that there was an intrusion because the router
>> permits only one login as admin irrespective of protocol
>> (telnet/https). When I tried to log in last night, the login was
>> rejected saying that the admin was already logged in from an IP which
>> I later traced as being in China.
>> My response was to disconnect the router from the phone line, so I
>> am no longer connected to the internet at home (this email is being
>> written at work).
> Hi Sanatan,
> Be aware, it is common practice today for sophisticated corporate attacks to
> begin by cracking employees. Then they get inside the corporate network
> via the employee. I suggest it is prudent to think about that possibility.
Now this scenario would not surprise me at all. Would it not be a
complete kick in the pants to have all this data caught on and NDS?
BSIT Software Engineering
More information about the svlug