Last updated: 
2 months 1 week ago
Blog Manager

We are the Computer Security and Incident Response Team (CSIRT) for the Janet network. Part of Jisc's Security Operations Centre, our mission is to safeguard the current and future network security of Janet (steering the security policies for all Janet connections) and of our customers, creating a secure environment to conduct your online activities. Our primary function is monitor and resolve any security incidents that occur on the Janet network, with specialists tracking a range of platforms, including Unix, Linux and Windows.

Blog Article

Time to move from the mechanics and policy of DNS replication to a new topic. Within the global DNS there are two roles that a server can play: ones that hold data - nameservers, and ones that fetch that data for clients - resolvers. Nameservers need to provide their data to the entire Internet whereas resolvers serve a small set of client systems.

Blog Article

So you've designed your redundant architecture and ensured that your data is being replicated across it? All set? Not quite. Within your DNS configuration there are two timers that we frequently see misconfigured -  TTL values and the SOA expire value.

Frequently we see these left at default a default of one day (86400 seconds). Whilst these may suit many organisations it's worth taking a closer look to make sure that they match your expectation for your DNS services.

Blog Article

We continue to monitor the effect of the filtering of large ntp packets (> 128 bytes) at the Janet borders. Where people have had concerns we've been working with them to make sure that their work is impacted as little as possible by this measure.

The filtering has had a large reduction on the impact to Janet infrastructure but the current filtering limits still allow enough traffic through the Janet border to cause disruption for customers with 100Mb/s, or busy 1Gb/s, connections.

Blog Article

The increasing frequency, number and size of ntp based DDoS attacks against Janet connected organisations has at times briefly degraded connectivity to sections of the network. Whilst we are able to react to these attacks as and when they occur, the impact upon our customers can be significant. This situation is far from unique to Janet - ISPs globally are struggling with this issue.

Blog Article
You can call CSIRT for help
 
If you suspect that your institution is suffering from a DDoS attack you can call on Janet CSIRT for assistance. We can help you understand and analyse the traffic, and in most cases can work with our network operations centre and transit partners to filter traffic. Where possible we work with other network providers to eliminate the sources of the attack.
 
Blog Article

Following on from our messages and briefing at the start of the year, DDOS attacks are continuing to occur at a greater frequency than they have in previous years. We have been working to assist affected customers when they happen.

Many of the attacks make use of unauthenticated UDP based services to reflect and amplify traffic against the chosen target. Open DNS resolvers (53/udp) and increasingly CHARGEN (19/udp) are the two most abused services. It's not unusual to see attacks in the order of 10Gb/s.

Blog Article

Denial of service (DOS) attacks are comparatively rare amongst the types of security incidents that are reported to Janet. The majority of DOS attacks are unsophisticated and subsequently short-lived, causing only minor issues for us due to our network capacity.

Prev | Next