Blocked a Host but it still gets out??
-
dok / rez, I knew you couldn't keep off. Not only are you color blind, but you are schitzo with no sense of useful responses. Lay off thread since you provide no useful information. If you read the thread carefully, you would know the why for the test, and how error filled your comments were. You are useless to this thread and overall community.
kejianshi, thanks for trying to assist. Like I said, we always re-image anyow, but it was just an academic exercise.
-
Well - If I remember correctly this machine and perhaps others were ruining the reputation of your IP and using up your bandwidth, so I'd be analysing the hell out of also to make sure I didn't fall victim again. Did you ever figure out what exactly trojan/virus or intentional sabotage you were inflicted with?
-
Running Symantec AV Enterprise did not see anything, offline/livecd of Dr. Web, AVG, and Avast did not turn anything up. Could be 0day that's not detectable yet by AV companies. As far as ruining IP, that's why we try and have proactive review of the network making sure there's no jump in traffic, or abnormal outbound/inbound traffic. Soon as we do, we isolate to review on test network.
-
Could be zero day - could be one of your employees trying to use your IP to make a little money on the side. Either is possible.
-
Ha, this old lady doesn't even know where the Control Panel is in Windows.
-
So you think… But she is probably the notorious hacker "BlackWidow". (I totally made that up)
Yeah - I'd wipe it - I'm pretty sure pfsense is doing its job, but why take risks. -
I don't know if it was asked or if I missed it, but, did you check your state table to see if there are states being opened by this machine?
-
Yes, it coincided with HTOP. At this point, it is closed issue since it has been reimaged. Thank you.