Got in to work yesterday, and thought a couple things looked a little off. After a little digging, someone had broken in with a stolen password from offiste, and was still in the process of making a mess.
After yanking the network cable out of the firewall, and powering off the machines that looked like they’d been compromised, I then spent the rest of the day cleaning it up. Namely booting the machines off a CD, checking binaries and removing signs of the intrusion, saving copies of stuff off to another disk for later analysis, all that junk. Finally got to bed around 0230 this morning.
Needless to say, I’m not at work right now. Just woke up a little while ago, and am watching the storms go by. Kinda neat weather, I love big rain/thunderstorms.