Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   Computer Security (http://www.velocityreviews.com/forums/f38-computer-security.html)
-   -   is my network secure? (http://www.velocityreviews.com/forums/t307298-is-my-network-secure.html)

Fred 11-27-2005 04:52 AM

is my network secure?
 
My network is set up as below;

Could anyone advise as to whether there is anything else I could do to
enhance security?

Bexhill Road 217.204.190.13 - Easynet. ADSL Username is
sussexturnery@easydsl.net, Password tungau87 Tel 0800 053 4343

Churchfields 81.174.162.232 - Plusnet. ADSL Username is
stamco@plus.net password orange. Contact via www.plus.net
<http://www.plus.net/>

Hove 80.229.37.79 - Plusnet. ADSL Username is
stamcohove@plusdsl.net password orange. Contact via www.plus.net
<http://www.plus.net/>



External POP3 (email) server mail.demon.net username
stamco password rtrv4GL



FTP Addresses (Web-sites) ukupload.demon.net username stamco
password rtrv4GL (Main stamco.co.uk site)

ftp.plus.net
<ftp://ftp.plus.net/> username stamco password orange
(stamcoshop.co.uk site)



Internal routers;



Bexhill Road 192.168.1.248 Telnet/SSH;
Username kcceng password kcc123

Bexhill Road ADSL 192.168.254.254 Internet Explorer;
Direct connection

Churchfields 192.168.2.248 Telnet/SSH;
Username kcceng password kcc123

Churchfields ADSL 192.168.2.247 Internet Explorer;
blank username password orange

Hove 192.168.3.248 Telnet/SSH; Username
kcceng password kcc123

Hove ADSL 192.168.2.247 Internet Explorer;
blank username password orange



Servers;



STAMCO_ONE administrator
orange

STAMCO_TS1 administrator
orange

Email/Intranet (192.168.1.1) admin
orange (connect either via telnet or http://192.168.1.1:10000
<http://192.168.1.1:10000/> ) - This also controls DHCP

Phone Stats database (192.168.1.244) root
orange (connect via telnet or http://192.168.1.244:10000
<http://192.168.1.244:10000/> ) - Also has redundant DHCP server

K8 (192.168.1.249) kccs
5t4mc0123 or root sta0098

KPRINT kccs
kcc123




Jim Watt 11-27-2005 10:33 AM

Re: is my network secure?
 
On Sun, 27 Nov 2005 04:52:37 -0000, "Fred" <Fred.Thomas@stamco.com>
wrote:

>Could anyone advise as to whether there is anything else I could do to
>enhance security?


change all the passwords you have posted.

are you mad, or is that someone else's network.


--
Jim Watt
http://www.gibnet.com

jKILLSPAM.schipper@math.uu.nl 11-27-2005 11:06 AM

Re: is my network secure?
 
Fred <Fred.Thomas@stamco.com> wrote:
> My network is set up as below;
>
> Could anyone advise as to whether there is anything else I could do to
> enhance security?
>
> Bexhill Road 217.204.190.13 - Easynet. ADSL Username is
> sussexturnery@easydsl.net, Password tungau87 Tel 0800 053 4343


What kind of joke is this? Someone trying to take out one of their
enemies?

Joachim

=?iso-8859-1?q?Christian_Fu=DF?= 11-27-2005 06:16 PM

Re: is my network secure?
 
The Accounts are all real.... holy ****...

are you high? omfg!
--
MFG
Christian Fuß, replica-solutions.de
( Linux, Poetry, Community 4 everyone, International German/English )



martin 11-27-2005 08:05 PM

Re: is my network secure?
 
Christian Fuß wrote:
> The Accounts are all real.... holy ****...
>
> are you high? omfg!


the web site is still up and looks untouched. Was the FTP address u/n
p/w valis as well? I can't look from the UK because of the computer
misuse act lol. It's a business site!

lol My bet is a manager who was just fired

Jim Watt 11-27-2005 08:51 PM

Re: is my network secure?
 
On Sun, 27 Nov 2005 20:05:02 +0000, martin <usenet@etiqa.co.uk> wrote:

>Christian Fuß wrote:
>> The Accounts are all real.... holy ****...
>>
>> are you high? omfg!

>
>the web site is still up and looks untouched. Was the FTP address u/n
>p/w valis as well? I can't look from the UK because of the computer
>misuse act lol. It's a business site!
>
>lol My bet is a manager who was just fired


If so he deserves to be, and worse.

However, looking at their wensite it seems they had a problem with
a spammer using their address, so maybe this is his way of 'paying
them back'

I've notified them, the rest is their problem. Dunno how hot the
Sussex police are on computer crime, but if you live in the UK
I'd refrain from trying any of those uid's
--
Jim Watt
http://www.gibnet.com

martin 11-27-2005 10:07 PM

Re: is my network secure?
 
Jim Watt wrote:
> On Sun, 27 Nov 2005 20:05:02 +0000, martin <usenet@etiqa.co.uk> wrote:
>
>
>>Christian Fuß wrote:
>>
>>>The Accounts are all real.... holy ****...
>>>
>>>are you high? omfg!

>>
>>the web site is still up and looks untouched. Was the FTP address u/n
>>p/w valis as well? I can't look from the UK because of the computer
>>misuse act lol. It's a business site!
>>
>>lol My bet is a manager who was just fired

>
>
> If so he deserves to be, and worse.
>
> However, looking at their wensite it seems they had a problem with
> a spammer using their address, so maybe this is his way of 'paying
> them back'
>
> I've notified them, the rest is their problem. Dunno how hot the
> Sussex police are on computer crime, but if you live in the UK
> I'd refrain from trying any of those uid's


I'm not going to even attempt to try the uid's, I AM going to be on the
phone to them at 7:30 tomorrow when they open shop, might get a new
client out of them :)

I'm in Sussex, so they're almost local. I'll post back

Jim Watt 11-28-2005 01:44 AM

Re: is my network secure?
 
On Sun, 27 Nov 2005 22:07:23 +0000, martin <usenet@etiqa.co.uk> wrote:

>Jim Watt wrote:
>> On Sun, 27 Nov 2005 20:05:02 +0000, martin <usenet@etiqa.co.uk> wrote:
>>
>>
>>>Christian Fuß wrote:
>>>
>>>>The Accounts are all real.... holy ****...
>>>>
>>>>are you high? omfg!
>>>
>>>the web site is still up and looks untouched. Was the FTP address u/n
>>>p/w valis as well? I can't look from the UK because of the computer
>>>misuse act lol. It's a business site!
>>>
>>>lol My bet is a manager who was just fired

>>
>>
>> If so he deserves to be, and worse.
>>
>> However, looking at their wensite it seems they had a problem with
>> a spammer using their address, so maybe this is his way of 'paying
>> them back'
>>
>> I've notified them, the rest is their problem. Dunno how hot the
>> Sussex police are on computer crime, but if you live in the UK
>> I'd refrain from trying any of those uid's

>
>I'm not going to even attempt to try the uid's, I AM going to be on the
>phone to them at 7:30 tomorrow when they open shop, might get a new
>client out of them :)
>
>I'm in Sussex, so they're almost local. I'll post back


You can mail me via the response form on my website,
I used to live in Haywards Heath but escaped via LGW

Checking the external addresses they are not responding so maybe
someone has caught on already.
--
Jim Watt
http://www.gibnet.com

Roy Penfold 11-28-2005 04:18 AM

Re: is my network secure?
 
Thanks for the attention on this guys,

Our tripwire system picked up an intrusion attempt onto our main server and
alerted me at 02:00 this morning.

It loooks as though someone found a way into our network and discovered an
email to our new network admin giving passwords etc.

I have changed all passwords and am in the processof changing usernames/IP
addressess.

Log files are being sent to Sussex Police. As a result of this, I would
recommend not attempting to connect on any of the IPs listed.

Many thanks for you attention on this guys.

Roy Penfold
IT Manager
STAMCO Timber
"Jim Watt" <jimwatt@aol.no_way> wrote in message
news:1hkko1tluf6sadkrhrnbpglahn627f0lnd@4ax.com...
> On Sun, 27 Nov 2005 22:07:23 +0000, martin <usenet@etiqa.co.uk> wrote:
>
>>Jim Watt wrote:
>>> On Sun, 27 Nov 2005 20:05:02 +0000, martin <usenet@etiqa.co.uk> wrote:
>>>
>>>
>>>>Christian Fuß wrote:
>>>>
>>>>>The Accounts are all real.... holy ****...
>>>>>
>>>>>are you high? omfg!
>>>>
>>>>the web site is still up and looks untouched. Was the FTP address u/n
>>>>p/w valis as well? I can't look from the UK because of the computer
>>>>misuse act lol. It's a business site!
>>>>
>>>>lol My bet is a manager who was just fired
>>>
>>>
>>> If so he deserves to be, and worse.
>>>
>>> However, looking at their wensite it seems they had a problem with
>>> a spammer using their address, so maybe this is his way of 'paying
>>> them back'
>>>
>>> I've notified them, the rest is their problem. Dunno how hot the
>>> Sussex police are on computer crime, but if you live in the UK
>>> I'd refrain from trying any of those uid's

>>
>>I'm not going to even attempt to try the uid's, I AM going to be on the
>>phone to them at 7:30 tomorrow when they open shop, might get a new
>>client out of them :)
>>
>>I'm in Sussex, so they're almost local. I'll post back

>
> You can mail me via the response form on my website,
> I used to live in Haywards Heath but escaped via LGW
>
> Checking the external addresses they are not responding so maybe
> someone has caught on already.
> --
> Jim Watt
> http://www.gibnet.com




martin 11-28-2005 07:39 AM

Re: is my network secure?
 
Roy Penfold wrote:
> Thanks for the attention on this guys,
>
> Our tripwire system picked up an intrusion attempt onto our main server and
> alerted me at 02:00 this morning.
>
> It loooks as though someone found a way into our network and discovered an
> email to our new network admin giving passwords etc.
>
> I have changed all passwords and am in the processof changing usernames/IP
> addressess.
>
> Log files are being sent to Sussex Police. As a result of this, I would
> recommend not attempting to connect on any of the IPs listed.
>
> Many thanks for you attention on this guys.
>
> Roy Penfold
> IT Manager
> STAMCO Timber


doh!


All times are GMT. The time now is 05:48 AM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.