Submission + - What to do about suspected network attack
An anonymous reader writes: I help volunteer manage a community open access wireless network covering an innercity area of the United Kingdom.
As well as providing open access internet access via wireless, the network is used to provide internet access to some residential and business properties, where computers connect more conventionally with cat 5 cable
We transparently proxy with squid outgoing http traffic, and recently noticed a number of 'hacking' tools being downloaded to an ip address at a local business / housing coop. Out of interest I ssh'd into the local router at that site, and ran tcpdump on that segment. The pc that had downloaded the tools was spoofing the arp replies of another PC on the local LAN. This looked to me like an attempt to capture data destined to another user there.
What should I do ? I don't manage or have any direct influence on IT at the business where this happened, but I could contact someone who lives there and pass the information on, or I could just ignore it, after all its not really my business, and the traffic does not impact on the wider wireless network.
As well as providing open access internet access via wireless, the network is used to provide internet access to some residential and business properties, where computers connect more conventionally with cat 5 cable
We transparently proxy with squid outgoing http traffic, and recently noticed a number of 'hacking' tools being downloaded to an ip address at a local business / housing coop. Out of interest I ssh'd into the local router at that site, and ran tcpdump on that segment. The pc that had downloaded the tools was spoofing the arp replies of another PC on the local LAN. This looked to me like an attempt to capture data destined to another user there.
What should I do ? I don't manage or have any direct influence on IT at the business where this happened, but I could contact someone who lives there and pass the information on, or I could just ignore it, after all its not really my business, and the traffic does not impact on the wider wireless network.
