East Midlands Broadband Consortium (EMBC) Thread, Compromised systems in Regional Broadband Consortiums (RBC); Joy, we've had a succesful dictionary attack on a few of our staff email accounts. No biggy - passwords changed. ...
9th August 2012, 12:05 PM #1
Joy, we've had a succesful dictionary attack on a few of our staff email accounts. No biggy - passwords changed. Fire off email to EMBC to get the IP range blocked (Nigerian scammers on all DNSBLs and known on google for scamming/dictionary attacks for spambots)
Would have thought that with their past records EMBC would be on the ball and dealt with it. No, 2 days later I have to chase it up to be told it has to be cleared by LEA.
Bull-hooks does it. Why the hell aren't they using those DNSBL's in the first place, and why the hell would I need someone elses authorisation to have clearly dangerous IP's blocked using the bloody firewall we pay them for.
Roll on changeover, we can't wait to have control over our own system.
(The DNSBL is a very serious question mark though, rant over and logic sinking in - I'm fairly sure I remember someone from the IWF saying part and parcel of the deal was to use people like spamhaus to minimise this sort of thing anyway. This isn't "responsibility mitigation" aka shifting the blame, just something I thought we should be protected with.)
Last edited by synaesthesia; 9th August 2012 at 12:06 PM.
9th August 2012, 03:09 PM #2
The delay is being looked at and you should have had a further call back on this now.
This was in the process of being escalated but when back from leave I will find out more.
Thanks to GrumbleDook from:
TheScarfedOne (9th August 2012)
9th August 2012, 03:31 PM #3
S'alright, Tom from Capita called me and we've got it pretty much sorted - delays accepted by all parties and we all know what should have happened in an ideal world:
1. Problem reported
2. Access to that mail server or other compromised systems removed immediately until we could prove we've taken relevant steps to solve it.
3. Access reinstated with relevant firewall tweaks made.
Thankfully we've got decent logging and within 20 minutes I was able to provide logs of all times/dates down to the second with the relevant IP's in full view, and acted immediately on the problem ourselves so there's been no need for disconnection - might have been rather problematic currently with exam results due soon, uni contacts for students etc.
Without being horrible to anyone (I don't like being horrible, I like people in general), since I've had cause to moan about things EMBC related recently it's always been the same member of staff (1st line?). Reckon I should further act on that? Tom as usual was excellent.
9th August 2012, 04:32 PM #4
If necessary rather than complain, I'd speak to someone a little further up the chain and just mention whatever it is you've had cause to moan about in a non-confrontational way asking them if that's how xyz is normally dealt with. Only because it maybe a training issue with said member of staff, and like you I don't like being horrible.
Originally Posted by synaesthesia
9th August 2012, 05:17 PM #5
Exactly. I don't feel quite so guilty because on 2 separate occasions before today's conversation she cut me off mid-sentence to say something. I stutter as it is so I hate having my flow cut
By tarquel in forum MIS Systems
Last Post: 25th May 2007, 04:11 PM
By tarquel in forum Windows
Last Post: 9th November 2005, 08:38 PM
By tosca925 in forum Educational IT Jobs
Last Post: 21st September 2005, 04:39 PM
By drjturner in forum Windows
Last Post: 22nd August 2005, 12:28 PM
By ninjabeaver in forum Windows
Last Post: 29th June 2005, 04:08 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)