Security Incidents mailing list archives

Djohn & John the Ripper


From: netsecurity <netsecurity () duracompanies com>
Date: Wed, 21 Apr 2004 11:18:25 -0500

We recently discovered a laptop that had the client of DJohn installed
and calling "home".  We've identified the IP it is calling and are
trying to crack the target password to see if it is one of ours.
We're hoping that this is just a case of someone using the parallel
processing power of someone else's computer to crack a 3rd party
password.

What we're most concerned about is how the client got onto the laptop
to begin with.  We're behind a Checkpoint FW and when the laptop is
used off site it is also behind a FW appliance.  This laptop runs W2K
and has extensive software on it (belongs to a programmer) with VB,
SQL, etc with ALL MS patches installed before the discovery.

User swears he didn't download anything - which we have to take at
face value at this point.

Any thoughts, suggestions?  TIA!

A.G. Taylor

_______________________
Network Security
Dura Builders
5740 Decatur Blvd.
Indianapolis, IN, 46241




(C)opyright Dura Builders, ~2004~ Indianapolis, IN,  All Rights Reserved
-------------------------------------------------------------------------
The  information  contained  in   this  e-mail   message is confidential, 
intended   only  for the  use of  the  individual or  entity named above. 
If  the  reader  of this e-mail is  not  the  intended recipient,  or the 
employee or  agent  responsible to  deliver it to the intended recipient, 
you are hereby  notified  that any  review,  dissemination,  distribution 
or copying  of  this  communication  is strictly prohibited.  If you have 
received  this e-mail  in error,    contact netsecurity () duracompanies com
-------------------------------------------------------------------------

---------------------------------------------------------------------------
----------------------------------------------------------------------------


Current thread: