[CRTech] Christian Radio Tech [MSG 79185]
[Thread Prev] [-- Thread Index --] [Thread Next] [Date Prev] [-- Date Index --] [Date Next]
Re: hacking continued
To: CRTech <crtech@crtech.org>
Subject: Re: hacking continued
From: BIll Moede <bmoedereplay@gmail.com>
Date: Wed, 15 Mar 2017 09:37:39 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=rE+n/hBh2U1tqSKzvM3f2Yi4gVa7Fmh3DrL9739nz/c=; b=hgD01z7Sfg1fyuXeM9GSYfdta4/6sLYRfmtwj6HVBi0VOEhrphXUmlkS+d4e1E8Ur7 HcT0uQkfcAk4qT/lWTxqbWTpTQVmgIVapLQkHoUVb6cMiCUTYkeQn+DrRkUr2jZASFqK cVH3Qbi2gxx64/UMrVFebN+csqAPHmB7XIEdNYpVFPtGoWL4Lgo+QtEql2fvIXsZ+NOv qogn3FJfvbdHIbmbjbwtmvpZYtDo2LwYaKlQ/ZVxb7cjx6MvLq33jIKGxvHGC8hDNcZX WadgMXwZefwWdeLwDLbT0qMGPYN8+QcV3TbK30RJSwcFBUNNXMo/L4HeSsNRBFHcKLP+ Y44Q==
In-reply-to: <07dc058b-68e1-ab5c-6449-1d451da55bda@reyware.us>
References: <812f36bb-e2cc-bf85-ba40-df7d81d2e32b@knlr.com> <CA+0ZtTbaKdN5=+5Az7+QMLY2bJSmn-5ZpVyAHTA5TQ+xg=-uDg@mail.gmail.com> <BN6PR08MB246701D62D41EC66378345DBB5240@BN6PR08MB2467.namprd08.prod.outlook.com> <07dc058b-68e1-ab5c-6449-1d451da55bda@reyware.us>
So is the hacking coming through the internet connection at the station?



On Wed, Mar 15, 2017 at 9:19 AM, dave allen <crtech-mail@reyware.us> wrote:
these countries match the official iana data to where each subnet is assigned.

i imagine they could be 'sub-leased' and assigned to telecoms in other parts of the world.

all are on my list of bad countries.

dave allen

On 3/14/2017 5:42 PM, Mike Shane wrote:

IP Information – I got different countries than Jon.

 

89.248.167.131

Country                      ASN                                                                   Bad IP?

 

Netherlands              AS29073 Ecatel LTD                                      Listed

177.140.27.47

Brazil                         AS28573 Serviços de Comunicação S.A.  Not Listed

94.102.49.190

Netherlands              AS29073 Ecatel LTD                                      Listed

189.34.242.231

Brazil                         AS28573 Serviços de Comunicação S.A.  Not Listed

86.110.119.19

Russian Federation                                                                            Listed

 

 

 

Mike Shane

Salem Media Group Omaha

 

From: Matthew Chambers [mailto:mchambers@showmeham.info]
Sent: Tuesday, March 14, 2017 10:45 AM
To: CRTech
Subject: Re: [CRTech] hacking continued

 

I'd be wondering if there is any pattern to where those IP addresses belong to?


Matthew A. Chambers, NR0Q

 

 

 

On Tue, Mar 14, 2017 at 10:43 AM, Terry Cowan <tcowan@knlr.com> wrote:

Several weeks ago we found "tone" on some of our programs.  Apparently our AMBOS receiver was hacked and the tone generator turned on.  True the receiver was port forwarded without protection.  So I created a program and redirected that port to it to see if we were being hacked.  Here is the log of the "hacking". 

Terry Cowan

KNLR/KNLX

03/04/17 22:27:14 89.248.167.131
03/05/17 14:40:31 177.140.27.47
03/05/17 14:40:31 177.140.27.47
03/10/17 08:52:24 94.102.49.190
03/13/17 08:11:57 189.34.242.231
03/13/17 08:11:58 189.34.242.231
03/14/17 04:07:58 86.110.119.19

 

 





--
Bill Moede
920-450-7032

Follow-Ups: Shodan, Google, and hacking explained (Was: hacking continued)
(Sherrod Munday <smunday@ieee.org>, 15 Mar 2017 18:29:23 -0000)
References: hacking continued
(Terry Cowan <tcowan@knlr.com>, 14 Mar 2017 15:43:11 -0000)
Re: hacking continued
(Matthew Chambers <mchambers@showmeham.info>, 14 Mar 2017 15:45:06 -0000)
RE: hacking continued
(Mike Shane <mshane@salemomaha.com>, 14 Mar 2017 23:42:25 -0000)
Re: hacking continued
(dave allen <crtech-mail@reyware.us>, 15 Mar 2017 14:19:11 -0000)
Prev by date: Re: hacking continued
(dave allen, 15 Mar 2017 14:19:11 -0000)
Next by date: Re: T12 to T8 Flourescent
(Rick Jesse, 15 Mar 2017 16:16:15 -0000)
Prev by thread: Re: hacking continued
(dave allen, 15 Mar 2017 14:19:11 -0000)
Next by thread: Shodan, Google, and hacking explained (Was: hacking continued)
(Sherrod Munday, 15 Mar 2017 18:29:23 -0000)
CRTech.org