This time from 126.96.36.199, which is in the netblock 188.8.131.52/15. The server is in the Los Angeles area. The website is in Chinese. NOC abuse was notified and the following response was received.
email@example.com 9:10 AM (9 minutes ago) to me
Hi,
We have notified the client regarding the abuse. They have 24 hours to take necessary action. If you still notice the abuse after 24 hours, kindly reply to this ticket and we will null the IP address.
Your Ticket Deatils (sic) are as follows:
Ticket ID: 1160483
Subject: hacked widows IIS server at 184.108.40.206
By default, a NanoStation wants to be a “station” or client. The screen shots below are after configuration. That’s good in that my NanoStation is working as an AP and bad in that it doesn’t show the fumbling I did to get there. Out of the box with your laptop connected to the primary port and your IP address set to 192.168.1.2, enter 192.168.1.20.
The Tenda N301 is a cheap but functional 2.4 GHz Wi-Fi router. It will not run OpenWrt or DD-WRT and is a single-band router. I buy them at Microcenter, sometimes on sale for less than $10.
Yesterday's was from 220.127.116.11. That is somewhere in the CHINANET Jiangsu province network. That address runs an amazing amount of stuff:
tarvid@tarvid-OptiPlex-7010:~$ nmap 18.104.22.168
A new fiber was installed at the Grant facility, replacing the one that had been breached. The breach is not believed to have been perpetrated by Russian rats nor to be part of a wider conspiracy. However, a cable was disconnected at our Fairfax, Virginia facility on Sunday. A temporary cable was installed and equipment moved to provide limited operations. No culprit has been identified. Almost back to normal.
TWR has been notified. We are monitoring.
Posted on: 16 September 2016 11:10 AM
We (WideOpenNetworks) dispatched technicians last night when the outage started. They were not able to resolve the issues and are going back out today.
Technicians have identified a fiber break between the building and the tower. We are trying to make enough slack to splice the drop tonight but it appears that will be difficult because of the location of the break. A crew is being scheduled to install a new drop.
TWR reports repairs should be complete later today or tomorrow.
Has been repaired. I think affected users are back online. You might sticky note my phone number 703-657-0099. Leave a message if I do not answer.
There are times when one needs to know the traffic on a network to track down compromised users. It turns out our edge router for the TWR network in Galax is capable of providing the information required.
I set up a packet-sniffing streaming receiver here in Fairfax, but the MikroTik is adequate for the task, so I don't need to collect the information remotely.
I don't put on a stole when listening to confessions, but I, like Schultz, know "Nothing!" Be assured that Big Brother has collected enough information upstream to reveal the most sordid details of your affairs.