Dear Team,
Based on MPSWAN security incident reports, the below-mentioned systems are either compromised/infected or violating the SWAN policies repeatedly.
Kindly inform those concerned to deploy the recommended precautionary measures (install antivirus etc.) immediately:
Top 10 Intrusion source & victim
IP address | Count of incident | Location | Department | Email sent to | Remark
10.124.61.131 | 19 | Pandhurna | LSK | |
10.125.83.186 | 10 | Bahoriband | Tehsil Office | |
10.124.168.199 | 9 | BHQ-Meghnagar | Janpad Panchayat | |
10.124.91.203 | 8 | Bhitarwar | School of Excellence GHSS (VCR School) | |
10.124.102.199 | 7 | BHQ-Kailaras | Janpad Panchayat | |
10.124.143.198 | 6 | Punasa | JANPAD PANCHAYAT | |
10.125.73.25 | 5 | Tikamgarh-DHQ | Local LAN | |
10.124.233.112 | 4 | Sheopur-DHQ | Election Office | |
10.125.154.188 | 4 | BHQ-Majhgawa | LSK | |
10.124.24.151 | 4 | Pipariya | PoP | |
Top 5 botnet
IP address | Count of incident | Location | Department | Email sent to | Remark
10.124.143.198 | 7 | Punasa | JANPAD PANCHAYAT | |
10.115.24.203 | 7 | Katni-DHQ | NKJ Thana | |
10.124.176.142 | 5 | DHQ_Khargone | Lok_Seva | |
10.125.11.205 | 3 | BHQ_Pali | Tehsil | |
10.125.77.202 | 3 | Palera | LSK | |
10.125.111.139 | 3 | BHQ-Paraswada | Tehsil office | |
Top 5 Users By Request
IP address | Count of incident | Location | Department | Email sent to | Remark
10.124.192.144 | 12 | Pansemal | SDM Office, Nirvachan | |
10.124.9.141 | 9 | Mhow | Tehsil Office | |
10.115.62.84 | 9 | Bhopal | Animal husbandry Kotra | |
10.125.158.230 | 8 | DHQ Dindori | RCBC | |
10.124.4.126 | 8 | DARPAN | DARPAN | |
Top 5 Bandwidth Consuming Users
IP address | Count of incident | Location | Department | Email sent to | Remark
10.115.139.34 | 25 | Bhopal | Jail Mukhyalaya | |
10.115.139.38 | 20 | Bhopal | Jail Mukhyalaya | |
10.125.99.3 | 5 | Bhopal | Local LAN | |
10.124.80.211 | 3 | Shahdol | jila Jail | |
10.124.149.221 | 3 | Dhar | RCBC DHAR | |
So kindly intimate the users/stakeholders that we are proceeding toward stopping/disabling SWAN services.
In case users confirm to us that they have deployed the precautionary measures and cleaned their systems ("Cyber Swachhta Kendra", Botnet Cleaning and Malware Analysis Center), then pls acknowledge us for resuming the services.
Regards
Rajesh Kushwaha
Bhopal (M.P)
From: RajeshPrasadKushwaha mpsedc <rajeshk...@mpsedc.com>
Sent: 06 October 2018 16:58
To: Jagdish Shrivas <jagd...@mpsedc.com>; Deepak Verma <deepa...@mpsedc.com>; Robin Sharma <robin...@mpsedc.com>; Rohit Gupta <rohit...@mpsedc.com>; Saurabh Dubey <saurabhk...@mpsedc.com>; Mahendra Kumar <m.k...@mpsedc.com>; degmhos...@gmail.com; egovma...@googlegroups.com; Aegovm...@google.com; prat...@netlink.com; MBel...@netlink.com
Cc: Ripudaman Bhadoria <pds...@mpsedc.com>; rambadkar <ramb...@mpsedc.com>; john rebeiro <johnr...@mpsedc.com>; Manoj Saxena <manojkum...@mpsedc.com>; khali...@mapit.gov.in; Yogendra Varma <yogend...@kpmg.com>
Subject: Re: MPSWAN security report
Dear Team,
Based on this week's incident report, the below-mentioned system users are either compromised/infected or violating the SWAN policies repeatedly. Kindly inform those concerned to deploy the precautionary measures recommended by Cyber Swachhta:
Top Bandwidth Consuming
10.115.139.34 | Jail Mukhyalaya
10.115.139.38 | Jail Mukhyalaya
Top Users By Request
10.124.192.144 | SDM Office, Nirvachan
10.125.10.202 | RCBC, umaria
10.124.104.216 | Mahila Polytechnic, sehore
10.125.158.230 | RCBC, dindori
10.125.169.199 | Panchayat & Rural Development Department, jaithari
10.124.3.154 | Bhopal RSK
Top botnet (command & control) attack
10.124.90.208 | LSK, dabra
10.124.171.158 | Janpad, Sondawa
10.125.77.202 | LSK, Palera
10.124.48.145 | Janpad, Kundam
10.124.96.211 | RCBC, Morena
Top intrusion source & victim system/users
10.124.61.131 | LSK, Pandhurna
10.125.83.186 | Tehsil, Bahoriband
10.124.91.203 | VCR, Bhitarwar
10.124.102.199 | Janpad, Kailaras
Even after multiple reminders, no appropriate action has been taken, and this week the below users were again identified:
10.125.77.202 | LSK, Palera
10.124.48.145 | Janpad, Kundam
10.124.96.211 | RCBC, Morena | goyalgo...@gmail.com
10.124.192.144 | SDM Office, Pansemal
10.125.10.202 | RCBC, umaria
10.124.104.216 | Mahila Polytechnic, sehore
10.125.158.230 | RCBC, dindori
10.125.169.199 | Panchayat, jaithari | manr...@gmail.com
10.124.3.154 | Bhopal RSK | kushwah...@gmail.com
10.115.139.34 | Jail Mukhyalaya | dhqcont...@mp.gov.in
10.115.139.38 | Jail Mukhyalaya | dhqcont...@mp.gov.in
So kindly intimate the users/stakeholders that we are proceeding toward stopping/disabling SWAN services.
In case users confirm to us that they have deployed the precautionary measures and cleaned their systems ("Cyber Swachhta Kendra", Botnet Cleaning and Malware Analysis Center, refer http://mapit.gov.in/cyberswachta.aspx), then pls acknowledge us for resuming the services.
Regards
Rajesh Kushwaha
Bhopal (M.P)
On 10/05/18 06:22 PM, "RajeshPrasadKushwaha mpsedc" <rajeshk...@mpsedc.com> wrote:
Dear Team,
Response awaited,
Top botnet
10.125.77.202 | Palera | LSK
10.124.48.145 | Kundam | Janpad
10.124.96.211 | DHQ_Morena | RCBC
Top Users by Request
10.124.192.144 | Pansemal | SDM Office, Nirvachan
10.125.10.202 | DHQ_Umaria | RCBC
10.124.104.216 | DHQ_Sehore | Mahila Polytechnic
10.125.158.230 | DHQ Dindori | RCBC
10.125.169.199 | BHQ Jaithari | Panchayat & Rural Development Department
10.124.3.154 | Bhopal | Bhopal RSK
10.115.137.34 | Bhopal | PWD
Top Bandwidth Consuming user
10.115.139.34 | Bhopal | Jail Mukhyalaya
10.115.139.38 | Bhopal | Jail Mukhyalaya
10.124.4.75 | BSNL NMS | BSNL NMS
Kindly intimate the users/stakeholders that we are proceeding toward stopping/disabling SWAN services from 8 Oct 2018.
Regards
Rajesh Kushwaha
Bhopal (M.P)
On 10/01/18 01:09 PM, "RajeshPrasadKushwaha mpsedc" <rajeshk...@mpsedc.com> wrote:
Dear TLs/DeGMs/AeGMs/FMS,
Would like to inform you that the below-mentioned systems are either compromised or violating the SWAN policies repeatedly (based on the daily security firewall incident reports):
Top botnet
10.125.77.202 | Palera | LSK
10.124.48.145 | Kundam | Janpad
10.124.96.211 | DHQ_Morena | RCBC
Top Users by Request
10.124.192.144 | Pansemal | SDM Office, Nirvachan
10.125.10.202 | DHQ_Umaria | RCBC
10.124.104.216 | DHQ_Sehore | Mahila Polytechnic
10.125.158.230 | DHQ Dindori | RCBC
10.125.169.199 | BHQ Jaithari | Panchayat & Rural Development Department
10.124.3.154 | Bhopal | Bhopal RSK
10.115.137.34 | Bhopal | PWD
Top Bandwidth Consuming user
10.115.139.34 | Bhopal | Jail Mukhyalaya
10.115.139.38 | Bhopal | Jail Mukhyalaya
10.124.4.75 | BSNL NMS | BSNL NMS
Even after multiple reminders, no appropriate action has been taken, so kindly intimate the users/stakeholders that we are proceeding toward stopping/disabling SWAN services.
In case users confirm to us that they have deployed the precautionary measures and cleaned their systems ("Cyber Swachhta Kendra", Botnet Cleaning and Malware Analysis Center, refer http://mapit.gov.in/cyberswachta.aspx), then pls acknowledge us for resuming the services.
Regards
Rajesh Kushwaha
Bhopal (M.P)
On 10/01/18 11:10 AM, "RajeshPrasadKushwaha mpsedc" <rajeshk...@mpsedc.com> wrote:
Dear Team,
As discussed in the VC, please find the attached MPSWAN firewall reports.
Regards
Rajesh Kushwaha
Bhopal (M.P)
Original Message Re: MPSWAN Firewall daily security report (2nd,3rd & 4th sep 2018).eml
Subject: Re: MPSWAN Firewall daily security report (2nd,3rd & 4th sep 2018)
From: "RajeshPrasadKushwaha mpsedc" <rajeshk...@mpsedc.com>
Date: Tue, 04 Sep 2018 11:47:25 +0530
To: Siddhartha Rajbhatt <sraj...@mpsedc.com>, Pradeep Rathore <PRat...@netlink.com>, Mithlesh Belawat <MBel...@netlink.com>, "Rizwan Mohd. Khan" <RMK...@netlink.com>, Doordarshak Mishra <Doorda...@netlink.com>, Rakesh Manware <RMan...@netlink.com>, Shahab Ahmed <Sha...@netlink.com>, "mpswanh...@gmail.com" <mpswanh...@gmail.com>
Cc: Ripudaman Bhadoria <pds...@mpsedc.com>, rambadkar <ramb...@mpsedc.com>, john rebeiro <johnr...@mpsedc.com>, Deepak Verma <deepa...@mpsedc.com>, Manoj Saxena <manojkum...@mpsedc.com>, khali...@mapit.gov.in, Yogendra Varma <yogend...@kpmg.com>, Robin Sharma <robin...@mpsedc.com>, Rohit Gupta <rohit...@mpsedc.com>, Jagdish Shrivas <jagd...@mpsedc.com>, Mahendra Kumar <m.k...@mpsedc.com>, Saurabh Dubey <saurabhk...@mpsedc.com>
Dear Team,
Pls find the attached MPSWAN Fortigate firewall security reports (2nd Sep 2018, 3rd Sep 2018 & 4th Sep 2018).
Request you to go through the attachments and do the needful.
Regards
Rajesh Kushwaha
Bhopal (M.P)
On 09/01/18 11:22 AM, "RajeshPrasadKushwaha mpsedc" <rajeshk...@mpsedc.com> wrote:
Dear Team,
Pls find the attached MPSWAN Fortigate firewall security report (data range 30/08/2018 23:30 to 31/08/2018 23:29).
As per the attached report:
1. Top users consuming very high bandwidth:
- 10.115.139.34 (Total 335.7 GB used in 24 hrs)
- 10.124.131.116 (Total 275.7 GB used in 24 hrs)
- 10.124.50.214 (Total 169.6 GB used in 24 hrs)
2. Top Intrusion source & victim user systems:
- 10.124.61.131
- 10.115.84.132
- 10.124.143.198
- 10.124.24.158
3. Top Botnet (C&C attack) user systems:
- 10.125.53.198
- 10.125.73.109
- 10.125.37.174
- 10.125.7.165
Recommendation: Kindly inform the users and request to follow the MPSWAN security advisory (http://mapit.gov.in/cyberswachta.aspx)
Regards
Rajesh Kushwaha
Bhopal (M.P)
Regards
Rajesh Kushwaha
Bhopal (M.P)
Ok, Sir
@TLs: Pls inform user through letter.
Rgds
Rajesh