Library items tagged: incident response

Anonymous
Typical Denial of Service abuse (DoS) involves a very large number of connections or packets being directed to the target computer, either from a single source IP address or (Distributed Denial of Service, DDoS) from a number of addresses, possibly a large number and probably in several different networks. Sometimes the effect is to stop the data network working or make it so slow as to interfere with its normal use; sometimes the target is a single machine which also may cease to work or run very slowly.
Anonymous
What is scanning? See also Port and address scanning. Address range scanning The most common abuse is from a worm (or virus, bot etc) trying to infect other computers by exploiting a single vulnerability on the same port at a great number of addresses. Port scanning You may be reporting packets or connections to a large number of UDP or TCP ports at just one address (or a very small number of addresses).
Anonymous
Information for a Janet organization on scanning activity that may affect their network. Within an organization’s own network scanning activity may be a legitimate form of audit or of information gathering; but it is almost never acceptable otherwise without the express permission of the managers of the target network.
Anonymous
A few simple things are essential for the security of any network connected to today’s hostile Internet. Up-to-date patches All software, operating systems and applications, needs regular updates to remove vulnerabilities as they are discovered. These patches should be installed as promptly as possible after they have been properly tested. Particular care needs to be paid to applications for which automatic updating is not practicable; for example, most Web-based applications. You should contact your software vendor for details of when updates are released.
Anonymous
Abuse from Janet addresses or domains See the general guidance Reporting abuse originating from Janet for notes on which domains and IP addresses are part of Janet.
Anonymous
First think, then react Don’t be too ready to use a button marked “report abuse” (or “this is spam”).It results in real work for a lot of people, and you must do your bit by checking that you are sure you mean what is implied by pressing the button. Don’t send it to the wrong place.In particular when an e-mail message has been delivered to a Janet address it is very rarely useful to complain to Janet CSIRT. The Computer Services or similar department in your own organisation should be able to explain what is going on.
Anonymous
Which IP addresses are Janet? If you can identify from routing information the Autonomous System number of the IP address concerned, Janet is AS786 and this is a clear indication that we are responsible. Otherwise, almost all Janet addresses are recorded in the RIPE Regional Internet Registry, with routes or other information linking them to Janet.
Team contact details You can contact Jisc (formerly Janet) CSIRT by electronic mail (preferred) or telephone during service hours; or by post.   E-mail:  irt@csirt.ja.net Telephone:  0300 999 2340from outside UK: 00 44 1235 822 340   Jisc CSIRTLumen HouseLibrary AvenueHarwell OxfordDidcot, OxfordshireOX11 0SGUnited Kingdom
Anonymous
All Janet services are governed by the Janet policies. Janet CSIRT is the Computer Security Incident Response Team for Janet, the UK’s education and research network. Our primary role is to aid the detection, reporting, investigation and eventual resolution of security incidents occurring on Janet, and our customer’s networks. We also provide advice and education to our customers.