
Interesting situation at work


Two months ago, my new job saw an all-time bandwidth traffic record of 151GB being used. This was an astonishing feat, as the previous high had been 90-odd, and during the June time period students were writing exams, so usage should have been quite low. Traffic was running at a constant ±300 kb/s, which was impacting our speed quite a lot. This was running right during the night, which was very weird.

After scratching our heads we were at a loss to describe how this had happened. Neither I nor my colleague had been downloading files or running torrents. We suspected a member of staff had been doing so, or a student who messed with a staff member’s PC. We then went on a wild hunt to find this but we had no luck.

By happenstance, we got warned that we were sending spam, and after doing some detective work to find out what happened, the truth finally came out. One of our servers was being used as a proxy for spam. This particular server was set up with Squid and Dansguardian to provide internet access for students, and due to a rather messed up Netware authentication situation at work, my colleague gave the server a public IP address.

The end result was that spammers found the computer and used Squid as an open relay to send their spam. We have no clue how many messages must have passed through the server before we locked it down, but I imagine it must have been in the tens of thousands.

After locking things down, my colleague discovered that hacking attempts were taking place, as it appeared someone was trying to log in via SSH through a dictionary attack. Luckily this failed due to strong passwords, but it was still an astonishing sight for me.

In all, we learnt some valuable lessons when it comes to what you let loose on a public IP. It’s happened once more since then, as my colleague was testing something and forgot to firewall the server. Luckily we caught it the next day and he shut it down.

Hopefully we don’t have a situation again like that someday. It’s embarrassing and a security risk.
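
One way to spot this kind of abuse in Squid's access.log, as an added example that is not part of the original post: it flags requests the proxy actually served for clients outside the local network, and CONNECT tunnels to ports other than 443. The 10.0.0.0/8 range, the function names and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: the internal range the proxy is meant to serve; adjust to the real LAN.
LOCAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
SAFE_CONNECT_PORTS = {443}  # same idea as the SSL_ports ACL in Squid's default config

# Constructed sample lines in Squid's native access.log format.
SAMPLE_LOG = """\
1183240801.101    310 10.1.4.22 TCP_MISS/200 5120 GET http://www.example.org/ - DIRECT/192.0.2.10 text/html
1183240805.220  45012 203.0.113.7 TCP_MISS/200 88211 CONNECT mx.example.net:25 - DIRECT/198.51.100.9 -
1183240809.874  39877 203.0.113.7 TCP_MISS/200 91540 CONNECT mx.example.com:25 - DIRECT/198.51.100.23 -
1183240811.002      2 198.51.100.77 TCP_DENIED/403 1420 CONNECT mx.example.net:25 - NONE/- text/html
1183240815.650    900 10.1.4.30 TCP_MISS/200 7301 CONNECT secure.example.org:443 - DIRECT/192.0.2.44 -
"""

def is_local(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)

def find_abuse(log_text):
    """Return {client: {requests, bytes, reasons}} for served requests that look like relay abuse."""
    findings = defaultdict(lambda: {"requests": 0, "bytes": 0, "reasons": set()})
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 7:
            continue  # skip blank or truncated lines
        client, result, size, method, url = f[2], f[3], f[4], f[5], f[6]
        if result.startswith("TCP_DENIED"):
            continue  # the proxy refused this one, so nothing was relayed
        reasons = set()
        if not is_local(client):
            reasons.add("external-client")  # proxy is answering the internet
        if method == "CONNECT":
            port = url.rpartition(":")[2]
            if not port.isdigit() or int(port) not in SAFE_CONNECT_PORTS:
                reasons.add("connect-port-" + port)  # e.g. a tunnel to SMTP on 25
        if reasons:
            entry = findings[client]
            entry["requests"] += 1
            entry["bytes"] += int(size) if size.isdigit() else 0
            entry["reasons"] |= reasons
    return dict(findings)

if __name__ == "__main__":
    for client, info in find_abuse(SAMPLE_LOG).items():
        print(client, info["requests"], info["bytes"], sorted(info["reasons"]))
```

Any hit on either rule means the proxy's access rules or the firewall in front of it are letting through traffic it was never meant to carry.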
