Library items tagged: CSIRT

Anonymous
As the listed abuse contact for much of the IP address space in use on Janet, Janet CSIRT receives many copyright infringement reports on behalf of the Janet community. Janet CSIRT is not able to identify individual users or machines on its customer organisations’ networks, so the most effective way to deal with these complaints of unacceptable use of the network is to forward them to the responsible customer organisation. Those organisations are required by the Janet AUP to deal effectively with complaints.
Anonymous
Community group and email list
Anonymous
Why? To trace use of Janet, both legitimate and otherwise, helping to investigate and learn from security incidents. Whilst some network events are of a continuing nature, others may only occur sporadically and unexpectedly, and logging of activity can help us understand what took place in the past. Many networks now use Network Address Translation (NAT) or proxy devices that obscure the source of of a connection to the external world, which can prevent the timely investigation of serious incidents.
Anonymous
Typical Denial of Service abuse (DoS) involves a very large number of connections or packets being directed to the target computer, either from a single source IP address or (Distributed Denial of Service, DDoS) from a number of addresses, possibly a large number and probably in several different networks. Sometimes the effect is to stop the data network working or make it so slow as to interfere with its normal use; sometimes the target is a single machine which also may cease to work or run very slowly.
Anonymous
What is scanning? See also Port and address scanning. Address range scanning The most common abuse is from a worm (or virus, bot etc) trying to infect other computers by exploiting a single vulnerability on the same port at a great number of addresses. Port scanning You may be reporting packets or connections to a large number of UDP or TCP ports at just one address (or a very small number of addresses).
Anonymous
Information for a Janet organization on scanning activity that may affect their network. Within an organization’s own network scanning activity may be a legitimate form of audit or of information gathering; but it is almost never acceptable otherwise without the express permission of the managers of the target network.
Anonymous
A few simple things are essential for the security of any network connected to today’s hostile Internet. Up-to-date patches All software, operating systems and applications, needs regular updates to remove vulnerabilities as they are discovered. These patches should be installed as promptly as possible after they have been properly tested. Particular care needs to be paid to applications for which automatic updating is not practicable; for example, most Web-based applications. You should contact your software vendor for details of when updates are released.
Anonymous
Abuse from Janet addresses or domains See the general guidance Reporting abuse originating from Janet for notes on which domains and IP addresses are part of Janet.
Anonymous
Which IP addresses are Janet? If you can identify from routing information the Autonomous System number of the IP address concerned, Janet is AS786 and this is a clear indication that we are responsible. Otherwise, almost all Janet addresses are recorded in the RIPE Regional Internet Registry, with routes or other information linking them to Janet.