[CRTech] Christian Radio Tech [MSG 79180]
[Thread Prev] [-- Thread Index --] [Thread Next] [Date Prev] [-- Date Index --] [Date Next]
RE: hacking continued
To: CRTech <crtech@crtech.org>
Subject: RE: hacking continued
From: Mike Shane <mshane@salemomaha.com>
Date: Tue, 14 Mar 2017 23:42:16 +0000
Accept-language: en-US
Authentication-results: crtech.org; dkim=none (message not signed) header.d=none;crtech.org; dmarc=none action=none header.from=salemomaha.com;
Content-language: en-US
In-reply-to: <CA+0ZtTbaKdN5=+5Az7+QMLY2bJSmn-5ZpVyAHTA5TQ+xg=-uDg@mail.gmail.com>
References: <812f36bb-e2cc-bf85-ba40-df7d81d2e32b@knlr.com> <CA+0ZtTbaKdN5=+5Az7+QMLY2bJSmn-5ZpVyAHTA5TQ+xg=-uDg@mail.gmail.com>
Spamdiagnosticmetadata: NSPM
Spamdiagnosticoutput: 1:99
Thread-index: AQHSnNmy1w48ZbZzV0qQRVgMxzI3UqGUei0AgAB9CrA=
Thread-topic: [CRTech] hacking continued

IP Information – I got different countries than Jon.

 

89.248.167.131

Country                      ASN                                                                   Bad IP?

 

Netherlands              AS29073 Ecatel LTD                                      Listed

177.140.27.47

Brazil                         AS28573 Serviços de Comunicação S.A.  Not Listed

94.102.49.190

Netherlands              AS29073 Ecatel LTD                                      Listed

189.34.242.231

Brazil                         AS28573 Serviços de Comunicação S.A.  Not Listed

86.110.119.19

Russian Federation                                                                            Listed

 

 

 

Mike Shane

Salem Media Group Omaha

 

From: Matthew Chambers [mailto:mchambers@showmeham.info]
Sent: Tuesday, March 14, 2017 10:45 AM
To: CRTech
Subject: Re: [CRTech] hacking continued

 

I'd be wondering if there is any pattern to where those IP addresses belong to?


Matthew A. Chambers, NR0Q

 

 

 

On Tue, Mar 14, 2017 at 10:43 AM, Terry Cowan <tcowan@knlr.com> wrote:

Several weeks ago we found "tone" on some of our programs.  Apparently our AMBOS receiver was hacked and the tone generator turned on.  True the receiver was port forwarded without protection.  So I created a program and redirected that port to it to see if we were being hacked.  Here is the log of the "hacking". 

Terry Cowan

KNLR/KNLX

03/04/17 22:27:14 89.248.167.131
03/05/17 14:40:31 177.140.27.47
03/05/17 14:40:31 177.140.27.47
03/10/17 08:52:24 94.102.49.190
03/13/17 08:11:57 189.34.242.231
03/13/17 08:11:58 189.34.242.231
03/14/17 04:07:58 86.110.119.19

 

 

Follow-Ups: Re: hacking continued
(dave allen <crtech-mail@reyware.us>, 15 Mar 2017 14:19:11 -0000)
References: hacking continued
(Terry Cowan <tcowan@knlr.com>, 14 Mar 2017 15:43:11 -0000)
Re: hacking continued
(Matthew Chambers <mchambers@showmeham.info>, 14 Mar 2017 15:45:06 -0000)
Prev by date: RE: T12 to T8 Flourescent
(Allard, Mark G, 14 Mar 2017 23:04:22 -0000)
Next by date: RE: T12 to T8 Flourescent
(Bill Hurne, 15 Mar 2017 00:55:23 -0000)
Prev by thread: Re: hacking continued
(Matthew Chambers, 14 Mar 2017 16:14:42 -0000)
Next by thread: Re: hacking continued
(dave allen, 15 Mar 2017 14:19:11 -0000)
CRTech.org