[CRTech] Christian Radio Tech [MSG 79184]
[Thread Prev] [-- Thread Index --] [Thread Next] [Date Prev] [-- Date Index --] [Date Next]
Re: hacking continued
To: CRTech <crtech@crtech.org>
Subject: Re: hacking continued
From: dave allen <crtech-mail@reyware.us>
Date: Wed, 15 Mar 2017 08:19:01 -0600
In-reply-to: <BN6PR08MB246701D62D41EC66378345DBB5240@BN6PR08MB2467.namprd08.prod.outlook.com>
References: <812f36bb-e2cc-bf85-ba40-df7d81d2e32b@knlr.com> <CA+0ZtTbaKdN5=+5Az7+QMLY2bJSmn-5ZpVyAHTA5TQ+xg=-uDg@mail.gmail.com> <BN6PR08MB246701D62D41EC66378345DBB5240@BN6PR08MB2467.namprd08.prod.outlook.com>
User-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.7.1
these countries match the official iana data to where each subnet is assigned.

i imagine they could be 'sub-leased' and assigned to telecoms in other parts of the world.

all are on my list of bad countries.

dave allen

On 3/14/2017 5:42 PM, Mike Shane wrote:

IP Information – I got different countries than Jon.

 

89.248.167.131

Country                      ASN                                                                   Bad IP?

 

Netherlands              AS29073 Ecatel LTD                                      Listed

177.140.27.47

Brazil                         AS28573 Serviços de Comunicação S.A.  Not Listed

94.102.49.190

Netherlands              AS29073 Ecatel LTD                                      Listed

189.34.242.231

Brazil                         AS28573 Serviços de Comunicação S.A.  Not Listed

86.110.119.19

Russian Federation                                                                            Listed

 

 

 

Mike Shane

Salem Media Group Omaha

 

From: Matthew Chambers [mailto:mchambers@showmeham.info]
Sent: Tuesday, March 14, 2017 10:45 AM
To: CRTech
Subject: Re: [CRTech] hacking continued

 

I'd be wondering if there is any pattern to where those IP addresses belong to?


Matthew A. Chambers, NR0Q

 

 

 

On Tue, Mar 14, 2017 at 10:43 AM, Terry Cowan <tcowan@knlr.com> wrote:

Several weeks ago we found "tone" on some of our programs.  Apparently our AMBOS receiver was hacked and the tone generator turned on.  True the receiver was port forwarded without protection.  So I created a program and redirected that port to it to see if we were being hacked.  Here is the log of the "hacking". 

Terry Cowan

KNLR/KNLX

03/04/17 22:27:14 89.248.167.131
03/05/17 14:40:31 177.140.27.47
03/05/17 14:40:31 177.140.27.47
03/10/17 08:52:24 94.102.49.190
03/13/17 08:11:57 189.34.242.231
03/13/17 08:11:58 189.34.242.231
03/14/17 04:07:58 86.110.119.19

 

 


Follow-Ups: Re: hacking continued
(BIll Moede <bmoedereplay@gmail.com>, 15 Mar 2017 14:37:48 -0000)
References: hacking continued
(Terry Cowan <tcowan@knlr.com>, 14 Mar 2017 15:43:11 -0000)
Re: hacking continued
(Matthew Chambers <mchambers@showmeham.info>, 14 Mar 2017 15:45:06 -0000)
RE: hacking continued
(Mike Shane <mshane@salemomaha.com>, 14 Mar 2017 23:42:25 -0000)
Prev by date: Re: T12 to T8 Flourescent
(Mark Croom, 15 Mar 2017 04:40:08 -0000)
Next by date: Re: hacking continued
(BIll Moede, 15 Mar 2017 14:37:48 -0000)
Prev by thread: RE: hacking continued
(Mike Shane, 14 Mar 2017 23:42:25 -0000)
Next by thread: Re: hacking continued
(BIll Moede, 15 Mar 2017 14:37:48 -0000)
CRTech.org