Another SSH attack from hacked Windows IIS server

Submitted by tarvid on Wed, 09/28/2016 - 09:06

This time from which is in a netblock The server is in the Los Angeles area. The website is in Chinese. NOC abuse was notified and the following response was received.

9:10 AM (9 minutes ago) to me

Hi,

We have notified the client regarding the abuse. They have 24 hours to take necessary action. If you still notice the abuse after 24 hours, kindly reply to this ticket and we will null the IP address.

Your Ticket Deatils (sic) are as follows:

Ticket ID: 1160483

Subject: hacked widows IIS server at

Configuring a NanoStation as an AP

Submitted by tarvid on Sun, 09/25/2016 - 12:52

By default, a NanoStation wants to be a “station” or client. The screen shots below are after configuration. That’s good in that my NanoStation is working as an AP and bad in that it doesn’t show the fumbling I did to get there. Out of the box with your laptop connected to the primary port and your IP address set to, enter

Cheap Wireless bridge

Submitted by tarvid on Fri, 09/23/2016 - 22:01

The Tenda N301 is a cheap but functional 2.4 GHz Wi-Fi router. It is a single-band router and will not run OpenWrt or DD-WRT. I buy them at Micro Center, sometimes on sale for less than $10.

SSH attacks

Submitted by tarvid on Fri, 09/23/2016 - 10:10

Yesterday's was from That is somewhere in CHINANET Jiangsu province network. That address runs an amazing amount of stuff.

tarvid@tarvid-OptiPlex-7010:~$ nmap

Grant is back up.

Submitted by tarvid on Thu, 09/22/2016 - 21:04

A new fiber was installed at the Grant facility, replacing the one that had been breached. The breach is not believed to have been perpetrated by Russian rats nor to be part of a wider conspiracy. However, a cable was disconnected at our Fairfax, Virginia facility on Sunday. A temporary cable was installed and equipment moved to provide limited operations. No culprit has been identified. Almost back to normal.

All of Grant is down - maybe more

Submitted by tarvid on Fri, 09/16/2016 - 09:30

TWR has been notified. We are monitoring.

Posted on: 16 September 2016 11:10 AM 

We (WideOpenNetworks) dispatched technicians last night when the outage started, they were not able to resolve the issues and are going back out today.


Technicians have identified a fiber break between the building and the tower. We are trying to make enough slack to splice the drop tonight but it appears that will be difficult because of the location of the break. A crew is being scheduled to install a new drop.



Submitted by tarvid on Thu, 07/21/2016 - 10:26

There are times when one needs to know the traffic on a network to track down compromised users. It turns out our edge router for the TWR network in Galax is capable of providing the information required. 

I set up a packet sniffing streaming receiver here in Fairfax but Mikrotik is adequate for the task so I don't need to collect the information remotely.

I don't put on a stole when listening to confessions, but I, like Schultz, know "Nothing!" Be assured that Big Brother has collected enough information upstream to reveal the most sordid details of your affairs.