Library items tagged: incident response

Reporting port or address range scanning

Anonymous
Monday, February 13, 2012 - 19:46
CSIRT
address range scanning
incident response
port scanning
scanning
security
What is scanning? See also Port and address scanning. Address range scanning The most common abuse is from a worm (or virus, bot etc) trying to infect other computers by exploiting a single vulnerability on the same port at a great number of addresses. Port scanning You may be reporting packets or connections to a large number of UDP or TCP ports at just one address (or a very small number of addresses).
Read more

Port and address scanning

Anonymous
Monday, February 13, 2012 - 19:44
CSIRT
address scanning
advice
incident response
port scanning
security
Information for a Janet organization on scanning activity that may affect their network. Within an organization’s own network scanning activity may be a legitimate form of audit or of information gathering; but it is almost never acceptable otherwise without the express permission of the managers of the target network.
Read more

Security advice

Anonymous
Monday, February 13, 2012 - 19:43
CSIRT
advice
incident response
security
A few simple things are essential for the security of any network connected to today’s hostile Internet. Up-to-date patches All software, operating systems and applications, needs regular updates to remove vulnerabilities as they are discovered. These patches should be installed as promptly as possible after they have been properly tested. Particular care needs to be paid to applications for which automatic updating is not practicable; for example, most Web-based applications. You should contact your software vendor for details of when updates are released.
Read more

Reporting spam or other e-mail abuse

Anonymous
Monday, February 13, 2012 - 19:41
CSIRT
abuse
incident response
reporting
security
Abuse from Janet addresses or domains See the general guidance Reporting abuse originating from Janet for notes on which domains and IP addresses are part of Janet.
Read more

Reporting abuse if you are a Janet user

Anonymous
Monday, February 13, 2012 - 19:38
abuse
incident response
reporting
security
Services
First think, then react Don’t be too ready to use a button marked “report abuse” (or “this is spam”).It results in real work for a lot of people, and you must do your bit by checking that you are sure you mean what is implied by pressing the button. Don’t send it to the wrong place.In particular when an e-mail message has been delivered to a Janet address it is very rarely useful to complain to Janet CSIRT. The Computer Services or similar department in your own organisation should be able to explain what is going on.
Read more

Reporting abuse originating from Janet

Anonymous
Monday, February 13, 2012 - 19:37
CSIRT
abuse
incident response
reporting
security
Which IP addresses are Janet? If you can identify from routing information the Autonomous System number of the IP address concerned, Janet is AS786 and this is a clear indication that we are responsible. Otherwise, almost all Janet addresses are recorded in the RIPE Regional Internet Registry, with routes or other information linking them to Janet.
Read more

Reporting abuse

Anonymous
Monday, February 13, 2012 - 19:35
security
CSIRT
incident response
abuse
reporting
Read more

Contact CSIRT

James Davis
Monday, February 13, 2012 - 19:25
CSIRT
Contact
Services
incident response
security
Team contact details You can contact Jisc (formerly Janet) CSIRT by email (preferred) or telephone during service hours; or by post.   Email:  irt@jisc.ac.uk Telephone:  0300 999 2340from outside UK: 00 44 1235 822 340
Read more