[CRTech] Christian Radio Tech [MSG 79171]
Re: hacking continued
To: CRTech <crtech@crtech.org>
Subject: Re: hacking continued
From: Matthew Chambers <mchambers@showmeham.info>
Date: Tue, 14 Mar 2017 11:14:36 -0500
shodan.io is a web "device" search engine; that's how all the Barix boxes were found, from the shodan.io site.

Matthew A. Chambers, NR0Q



On Tue, Mar 14, 2017 at 11:11 AM, Terry Cowan <tcowan@knlr.com> wrote:

I have checked several in Whois and they have come back as known hackers.

Terry


89.248.167.131 was found in our database!

This IP was reported 300 times. See below for details.

ISP Novogara LTD
Hostname mason.census.shodan.io
Organization Quasi Networks
Connection Type Cable/DSL
Country  Netherlands
City Unknown

On 03/14/17 08:45, Matthew Chambers wrote:
I'd be wondering if there is any pattern to where those IP addresses belong to?

Matthew A. Chambers, NR0Q



On Tue, Mar 14, 2017 at 10:43 AM, Terry Cowan <tcowan@knlr.com> wrote:

Several weeks ago we found "tone" on some of our programs. Apparently our AMBOS receiver was hacked and the tone generator turned on. True, the receiver was port forwarded without protection. So I created a program and redirected that port to it to see if we were being hacked. Here is the log of the "hacking".

Terry Cowan

KNLR/KNLX

03/04/17 22:27:14 89.248.167.131
03/05/17 14:40:31 177.140.27.47
03/05/17 14:40:31 177.140.27.47
03/10/17 08:52:24 94.102.49.190
03/13/17 08:11:57 189.34.242.231
03/13/17 08:11:58 189.34.242.231
03/14/17 04:07:58 86.110.119.19
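
Added example, not part of the thread: one way to look for a pattern in a log like the one above is to group the connections per source address and label any whose reverse DNS points at a known internet-wide scanner. The reverse-DNS table, the scanner suffix list and the 5-second burst window are assumptions; only the log lines and the one hostname come from the messages above.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Log lines copied from the message above (format: MM/DD/YY HH:MM:SS source-IP).
LOG = """\
03/04/17 22:27:14 89.248.167.131
03/05/17 14:40:31 177.140.27.47
03/05/17 14:40:31 177.140.27.47
03/10/17 08:52:24 94.102.49.190
03/13/17 08:11:57 189.34.242.231
03/13/17 08:11:58 189.34.242.231
03/14/17 04:07:58 86.110.119.19
"""

# Reverse-DNS results supplied offline; only this one hostname appears in the thread.
PTR = {"89.248.167.131": "mason.census.shodan.io"}
# Assumption: hostname suffixes treated as internet-wide scanners; extend locally.
SCANNER_SUFFIXES = (".shodan.io",)
BURST = timedelta(seconds=5)  # assumption: hits this close together are one visit

def parse(log):
    """Yield (timestamp, ip) for each well-formed line, skipping anything else."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            ts = datetime.strptime(parts[0] + " " + parts[1], "%m/%d/%y %H:%M:%S")
            ipaddress.ip_address(parts[2])  # reject malformed addresses
        except ValueError:
            continue
        yield ts, parts[2]

def summarize(log, ptr=PTR):
    """Group hits per source IP, counting a burst of hits as a single visit."""
    hits = defaultdict(list)
    for ts, ip in sorted(parse(log)):
        hits[ip].append(ts)
    report = {}
    for ip, times in hits.items():
        visits = 1 + sum(1 for a, b in zip(times, times[1:]) if b - a > BURST)
        kind = "scanner" if ptr.get(ip, "").endswith(SCANNER_SUFFIXES) else "unknown"
        report[ip] = {"hits": len(times), "visits": visits,
                      "first": times[0], "last": times[-1], "class": kind}
    return report

if __name__ == "__main__":
    for ip, r in summarize(LOG).items():
        print(f"{ip:16} hits={r['hits']} visits={r['visits']} {r['class']}")
```
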





