• Ganked

    From poindexter FORTRAN@700:100/20 to All on Sat Dec 12 07:06:00 2020
    Somebody ganked my work laptop yesterday!

    I'm setting up a new office, and had to use the AT&T circuit we're
    using with our firewall. AT&T's router has a small range of public IPs
    it can serve.

    I was on for about 30 minutes and started noticing some odd behavior.
    My infosec department saw inbound connection attempts on 3389 and
    locked my laptop out. On the phone with them, I noted that there was a
    background process that kept blinking in and out, and you could see an
    app on the task bar flicker briefly.

    Looked at the event logs and saw 1800+ RDP password failures, all
    usernames starting with the letters "A" and "B".

    I'm going to have to re-image it, but I want to do some forensics
    first. It's locked out of the network, so it's safe.



    ... The exception also declares the rule
    --- MultiMail/XT v0.52
    * Origin: realitycheckBBS.org -- information is power. (700:100/20)