Fwd: Re: MPSWAN Firewall daily security report (2nd,3rd & 4th sep 2018)


RajeshPrasadKushwaha mpsedc

Oct 1, 2018, 1:41:33 AM
to degmhos...@gmail.com, egovma...@googlegroups.com, Aegovm...@google.com, Ripudaman Bhadoria, rambadkar, john rebeiro, Deepak Verma, Manoj Saxena, khali...@mapit.gov.in, Yogendra Varma, Robin Sharma, Rohit Gupta, Jagdish Shrivas, Mahendra Kumar, Saurabh Dubey
Dear Team,

As discussed in the VC, please find the attached MPSWAN firewall reports.


Regards
Rajesh Kushwaha
Bhopal (M.P)
default_Schedule-default-2018-09-02-000100.pdf
default_Schedule-default-2018-09-03-000100.pdf
default_Schedule-default-2018-09-04-000100.pdf

RajeshPrasadKushwaha mpsedc

Oct 1, 2018, 3:40:50 AM
to Jagdish Shrivas, Deepak Verma, Robin Sharma, Rohit Gupta, Saurabh Dubey, Mahendra Kumar, degmhos...@gmail.com, egovma...@googlegroups.com, Aegovm...@google.com, prat...@netlink.com, MBel...@netlink.com, Managing Director Mam, Ripudaman Bhadoria, rambadkar, john rebeiro, Manoj Saxena, khali...@mapit.gov.in, Yogendra Varma
Dear TLs/DeGMs/AeGMs/FMS ,

We would like to inform you that the below-mentioned systems are either compromised or violating the SWAN policies repeatedly (based on the daily security firewall incident reports):

Top botnet
10.125.77.202    Palera        LSK
10.124.48.145    Kundam        Janpad
10.124.96.211    DHQ_Morena    RCBC

Top Users by Request
10.124.192.144   Pansemal      SDM Office, Nirvachan
10.125.10.202    DHQ_Umaria    RCBC
10.124.104.216   DHQ_Sehore    Mahila Polytechnic
10.125.158.230   DHQ Dindori   RCBC
10.125.169.199   BHQ Jaithari  Panchayat & Rural Development Department
10.124.3.154     Bhopal        Bhopal RSK
10.115.137.34    Bhopal        PWD

Top Bandwidth Consuming user
10.115.139.34    Bhopal        Jail Mukhyalaya
10.115.139.38    Bhopal        Jail Mukhyalaya
10.124.4.75      BSNL NMS      BSNL NMS

Even after multiple reminders, no appropriate action has been taken, so kindly intimate the users/stakeholders that we are proceeding toward stopping/disabling SWAN services.
In case users confirm to us that they have deployed the precautionary measures and cleaned their systems ("Cyber Swachhta Kendra", Botnet Cleaning and Malware Analysis Center; refer to http://mapit.gov.in/cyberswachta.aspx), then pls acknowledge to us for resuming the services.


Regards
Rajesh Kushwaha
Bhopal (M.P)

Original Message Re: MPSWAN Firewall daily security report (2nd,3rd & 4th sep 2018).eml
Subject: Re: MPSWAN Firewall daily security report (2nd,3rd & 4th sep 2018)
From: "RajeshPrasadKushwaha mpsedc" <rajeshk...@mpsedc.com>
Date: Tue, 04 Sep 2018 11:47:25 +0530
To: Siddhartha Rajbhatt <sraj...@mpsedc.com>, Pradeep Rathore <PRat...@netlink.com>, Mithlesh Belawat <MBel...@netlink.com>, "Rizwan Mohd. Khan" <RMK...@netlink.com>, Doordarshak Mishra <Doorda...@netlink.com>, Rakesh Manware <RMan...@netlink.com>, Shahab Ahmed <Sha...@netlink.com>, "mpswanh...@gmail.com" <mpswanh...@gmail.com>
Cc: Ripudaman Bhadoria <pds...@mpsedc.com>, rambadkar <ramb...@mpsedc.com>, john rebeiro <johnr...@mpsedc.com>, Deepak Verma <deepa...@mpsedc.com>, Manoj Saxena <manojkum...@mpsedc.com>, khali...@mapit.gov.in, Yogendra Varma <yogend...@kpmg.com>, Robin Sharma <robin...@mpsedc.com>, Rohit Gupta <rohit...@mpsedc.com>, Jagdish Shrivas <jagd...@mpsedc.com>, Mahendra Kumar <m.k...@mpsedc.com>, Saurabh Dubey <saurabhk...@mpsedc.com>

Dear Team,

Pls find the attached MPSWAN Fortigate firewall security reports (2nd Sep 2018, 3rd Sep 2018 & 4th Sep 2018).


Request you to go through the attachments and do the needful.


Regards
Rajesh Kushwaha
Bhopal (M.P)

On 09/01/18 11:22 AM, "RajeshPrasadKushwaha mpsedc" <rajeshk...@mpsedc.com> wrote:
Dear Team,

Pls find the attached MPSWAN Fortigate firewall security report (data range 30/08/2018 23:30 to 31/08/2018 23:29).

As per the attached report:

1. Top users consuming very high bandwidth:
  • 10.115.139.34 (Total 335.7 GB used in 24 hrs)
  • 10.124.131.116 (Total 275.7 GB used in 24 hrs)
  • 10.124.50.214 (Total 169.6 GB used in 24 hrs)
2. Top Intrusion source & victim user systems:
  • 10.124.61.131
  • 10.115.84.132
  • 10.124.143.198
  • 10.124.24.158
3. Top Botnet (C&C attack) user systems:
  • 10.125.53.198
  • 10.125.73.109
  • 10.125.37.174
  • 10.125.7.165
Recommendation: Kindly inform the users and request to follow the MPSWAN security advisory (http://mapit.gov.in/cyberswachta.aspx)


Regards
Rajesh Kushwaha
Bhopal (M.P)


Security Report Tracker .xlsx

Saurabh Kumar Dubey

Oct 1, 2018, 3:48:20 AM
to DeGM Jabalpur, DeGM Dindori, Managing Director Mam, Ripudaman Bhadoria, rambadkar, john rebeiro, Manoj Saxena, khali...@mapit.gov.in, Yogendra Varma, RajeshPrasadKushwaha mpsedc, Jagdish Shrivas, Deepak Verma, Robin Sharma, Rohit Gupta, Mahendra Kumar, degmhos...@gmail.com, egovma...@googlegroups.com, Aegovm...@google.com, prat...@netlink.com, MBel...@netlink.com
Dear DeGM,
  As per the trail mail, kindly take this seriously, talk to the concerned department's nodal official, and clean his PC.
--
Regards,
Saurabh Kumar Dubey
MPSEDC (MPSWAN)
Phone No.:- 0755- 2518344
Mob. :- 08839254514

MPSWAN helpdesk No.:- 0755-2518411 ,412 ,413

RajeshPrasadKushwaha mpsedc

Oct 5, 2018, 8:52:42 AM
to Jagdish Shrivas, Deepak Verma, Robin Sharma, Rohit Gupta, Saurabh Dubey, Mahendra Kumar, degmhos...@gmail.com, egovma...@googlegroups.com, Aegovm...@google.com, prat...@netlink.com, MBel...@netlink.com, Ripudaman Bhadoria, rambadkar, john rebeiro, Manoj Saxena, khali...@mapit.gov.in, Yogendra Varma
Dear Team,

Response awaited,
Top botnet
10.125.77.202    Palera        LSK
10.124.48.145    Kundam        Janpad
10.124.96.211    DHQ_Morena    RCBC

Top Users by Request
10.124.192.144   Pansemal      SDM Office, Nirvachan
10.125.10.202    DHQ_Umaria    RCBC
10.124.104.216   DHQ_Sehore    Mahila Polytechnic
10.125.158.230   DHQ Dindori   RCBC
10.125.169.199   BHQ Jaithari  Panchayat & Rural Development Department
10.124.3.154     Bhopal        Bhopal RSK
10.115.137.34    Bhopal        PWD

Top Bandwidth Consuming user
10.115.139.34    Bhopal        Jail Mukhyalaya
10.115.139.38    Bhopal        Jail Mukhyalaya
10.124.4.75      BSNL NMS      BSNL NMS

Kindly intimate user/stakeholder that we are proceeding toward stopping/disabling SWAN services from 8 Oct 2018.

Regards
Rajesh Kushwaha
Bhopal (M.P)



Mithlesh Belawat

Oct 6, 2018, 1:22:02 AM
to nsmp...@netlink.com, Ripudaman Bhadoria, rambadkar, john rebeiro, Manoj Saxena, khali...@mapit.gov.in, Yogendra Varma, rajeshk...@mpsedc.com, Jagdish Shrivas, Deepak Verma, Robin Sharma, Rohit Gupta, Saurabh Dubey, Mahendra Kumar, degmhos...@gmail.com, egovma...@googlegroups.com, Aegovm...@google.com, Pradeep Rathore

Dear Sir,

Please refer to the trail mail and inform the user for necessary action.

Thanks & Regards
Mithlesh Belawat, Operation Manager (MPSWAN), EMS| 
Netlink Software Pvt. Ltd |Your link to Immediate Business Results |India|

Mobile No.7773004526

MPSWAN Helpdesk No :0755-2518411,12

 www.netlink.com 

***WARNING: This email originated from outside of the organization. If you do not recognize the sender do not open attachments or click any links contained in this email unless and know contents are safe.***



___________________________________________________________________

RajeshPrasadKushwaha mpsedc

Oct 6, 2018, 7:27:47 AM
to Jagdish Shrivas, Deepak Verma, Robin Sharma, Rohit Gupta, Saurabh Dubey, Mahendra Kumar, degmhos...@gmail.com, egovma...@googlegroups.com, Aegovm...@google.com, prat...@netlink.com, MBel...@netlink.com, Ripudaman Bhadoria, rambadkar, john rebeiro, Manoj Saxena, khali...@mapit.gov.in, Yogendra Varma
Dear Team,

Based on this week's incident report, the below-mentioned system users are either compromised/infected or violating the SWAN policies repeatedly. Kindly inform the concerned to deploy the precautionary measures recommended by Cyber Swachhta:

Even after multiple reminders, no appropriate action has been taken, and this week the below users were again identified:
10.125.77.202    LSK, Palera                  Lokesev...@gmail.com
10.124.48.145    Janpad, Kundam               anil977...@gmail.com
10.124.96.211    RCBC, Morena                 goyalgo...@gmail.com
10.124.192.144   SDM Office, Pansemal         sdmp...@gmail.com
10.125.10.202    RCBC, Umaria                 ceoz...@mp.gov.in
10.124.104.216   Mahila Polytechnic, Sehore   prinwp...@mp.gov.in
10.125.158.230   RCBC, Dindori                rbunk...@gmail.com
10.125.169.199   Panchayat, Jaithari          manr...@gmail.com
10.124.3.154     Bhopal RSK                   kushwah...@gmail.com
10.115.139.34    Jail Mukhyalaya              dhqcont...@mp.gov.in
10.115.139.38    Jail Mukhyalaya              dhqcont...@mp.gov.in

So kindly intimate the users/stakeholders that we are proceeding toward stopping/disabling SWAN services.

In case users confirm to us that they have deployed the precautionary measures and cleaned their systems ("Cyber Swachhta Kendra", Botnet Cleaning and Malware Analysis Center; refer to http://mapit.gov.in/cyberswachta.aspx), then pls acknowledge to us for resuming the services.

Regards 
Rajesh Kushwaha 
Bhopal (M.P)



Rajendra Ambadkar mpsedc

Oct 6, 2018, 7:40:19 AM
to RajeshPrasadKushwaha mpsedc, Jagdish Shrivas, Deepak Verma, Robin Sharma, Rohit Gupta, Saurabh Dubey, Mahendra Kumar, degmhos...@gmail.com, egovma...@googlegroups.com, Aegovm...@google.com, prat...@netlink.com, MBel...@netlink.com, Ripudaman Bhadoria, john rebeiro, Manoj Saxena, khali...@mapit.gov.in, Yogendra Varma
Dear SWAN Team
Pl. inform all top users, botnet and intrusion source & victim systems/users.
--
Regards
Rajendra Ambadkar
General Manager (SWAN/SDC)
T.No. 07552518404

Mithlesh Belawat

Oct 6, 2018, 7:50:45 AM
to ramb...@mpsedc.com, Ripudaman Bhadoria, john rebeiro, Manoj Saxena, khali...@mapit.gov.in, Yogendra Varma, RajeshPrasadKushwaha mpsedc, Jagdish Shrivas, Deepak Verma, Robin Sharma, Rohit Gupta, Saurabh Dubey, Mahendra Kumar, degmhos...@gmail.com, egovma...@googlegroups.com, Aegovm...@google.com, Pradeep Rathore

Dear Sir,

We are regularly informing the concerned for necessary action to prevent such types of attacks.


Thanks & Regards
Mithlesh Belawat, Operation Manager (MPSWAN), EMS| 
Netlink Software Pvt. Ltd |Your link to Immediate Business Results |India|

Mobile No.7773004526

MPSWAN Helpdesk No :0755-2518411,12

 www.netlink.com 

 

From: ramb...@mpsedc.com [mailto:ramb...@mpsedc.com]
Sent: Saturday, October 06, 2018 5:10 PM
To: RajeshPrasadKushwaha mpsedc; Jagdish Shrivas; Deepak Verma; Robin Sharma; Rohit Gupta; Saurabh Dubey; Mahendra Kumar; degmhos...@gmail.com; egovma...@googlegroups.com; Aegovm...@google.com; Pradeep Rathore; Mithlesh Belawat
Cc: Ripudaman Bhadoria; john rebeiro; Manoj Saxena; khali...@mapit.gov.in; Yogendra Varma
Subject: Re: MPSWAN security report

 

Dear SWAN Team


___________________________________________________________________

Rohit Gupta

Oct 6, 2018, 7:58:20 AM
to aegm...@gmail.com, Deependra Pathak, neerajksh...@yahoo.co.in, RajeshPrasadKushwaha mpsedc, Jagdish Shrivas, Deepak Verma, Robin Sharma, Rohit Gupta, Saurabh Dubey, Mahendra Kumar, degmhos...@gmail.com, egovma...@googlegroups.com, Aegovm...@google.com, prat...@netlink.com, MBel...@netlink.com, Cc: Ripudaman Bhadoria, john rebeiro, Manoj Saxena, khali...@mapit.gov.in, Yogendra Varma
Dear AeGM

Please resolve the botnet infection at LSK Dabra as soon as possible.
Please resolve the botnet infection at location Bhitarwar.





-------- Original Message --------
From: Rajendra Ambadkar mpsedc <ramb...@mpsedc.com>
Date: Oct 6, 2018 5:12:08 PM
Subject: Re: MPSWAN security report
--
Thanks & Regards
Rohit Gupta
Team Lead
MPSWAN-MPSEDC