Serious they sent me a warning stating that tey have detected IRC traffic.... and that I should scan my systems since.... IRC is a good indicator of malicious software....
Are they crazy?!?
on 07/06/2012 – Made popular on 07/06/2012
I am trying to find an inbuilt solution on a Cisco Catayst 3750X Switch to scan all traffic routed from one VLAN to another for malicious code.
The situation is that we currently have a development environment which is currently being redesigned to upgrade the network infrastructure to use the 3750X switches to manage server and workstation connectivity as well as inter-VLAN routing.
I have a glassfish server running some webservice and I noticed that there is an abnormal traffic from japan (150.70.x.x) in my iptables log file and I dont have any user in this country .
Until now this IPs didn't succed to connect to my webservice .
Project honeypot detected this IPs as malicious so I want to dig more and understand what this hacker is trying to do .
On Thursday (2014/7/24) morning I discovered that one of my Ubuntu systems was hacked. I believe it may have been the malware NetWire. I was able to see some traffic from the internet directed at the domain port (53). Based on the traffic seen it looks like the entry was via port 53.
You'd think that there would be better security than this on traffic lights. :eek:
With permission from a local road agency, researchers in Michigan hacked into nearly 100 wirelessly networked traffic lights, highlighting security issues that they say are likely to pervade networked traffic infrastructure around the country.
I've got a new client whose site looks like it has been hacked. It's running Drupal and I have run Hacked on it to verify that the file structure hasn't changed. I can add the Paranoia module, but it's a bit late.
Unfortunately, the site was developed with a lot of PHP code inserted directly into nodes, so a lot of custom code is sitting in the database. It's all run through eval().