
SANS ISC: Multiple "failed logon" attempts - SANS Internet Storm Center SANS ISC InfoSec Forums

Multiple "failed logon" attempts
There is no good way to say this - your entire network is likely compromised.

Start afresh and rebuild everything, as nothing can be trusted at this point, including your backups/BIOS/firmware/routers/wifi access points/cameras and yes, even printers (especially the multifunction ones - many run embedded Windows and cannot be patched easily - or it violates your warranty if you do).

If your systems contain or connect to other systems with valuable data, suggest getting an expert in to help you. SANS may be able to recommend one to you.

2 Posts
I would disagree with the "you are totally compromised" comment. You need to think about that when the attempts *stop*.
The important thing to consider is why exactly you have a userid/password service open to the internet - especially if you are seeing campaigns like this (and everyone is), you should be thinking about implementing a two-factor authentication solution to shut these attempts down.
Rob VandenBrink

458 Posts
ISC Handler
