Download as PDF
Blog Article
These statistics only relate to information collated by Janet CSIRT and do not provide an accurate sample of security activity across the research and education sectors. The figures are frequently more closely correlated to the activity of CSIRT and our detection of events rather than their actual rates of incidence.
For example: a successful investigation by researchers into a botnet will cause that month's malware figures to rise even though the malware may have been active in previous months.
Blog Article
Thanks to the generosity of my host, AusCERT, I’ve been able to spend this week in Queensland at AusCERT’s annual conference. Whilst not part of the Australian NREN AARNet, AusCERT fulfils a similar role to Janet CSIRT and provides incident response services to the Higher Education sector in Australia.
Blog Article
| Category | Count |
|---|---|
| Compromise | 16 |
| Copyright | 3 |
| Denial of Service | 18 |
| General Query | 4 |
| LEA Query | 2 |
| Legal/Policy Query | 0 |
| Malware | 519 |
| Net/Security Query | 5 |
| Other | 7 |
| Phishing | 19 |
| Scanning | 9 |
| Social Engineering | 1 |
Blog Article
We continue to monitor the effect of the filtering of large ntp packets (> 128 bytes) at the Janet borders. Where people have had concerns we've been working with them to make sure that their work is impacted as little as possible by this measure.
The filtering has had a large reduction on the impact to Janet infrastructure but the current filtering limits still allow enough traffic through the Janet border to cause disruption for customers with 100Mb/s, or busy 1Gb/s, connections.
Blog Article
| Category | Count |
|---|---|
| Compromise | 111 |
| Copyright | 7 |
| Denial of Service | 61 |
| General Query | 7 |
| LEA Query | 2 |
| Legal/Policy Query | 1 |
| Malware | 380 |
| Net/Security Query | 15 |
| Other | 11 |
| Phishing | 27 |
| Scanning | 10 |
| Social Engineering | 0 |
Blog Article
The increasing frequency, number and size of ntp based DDoS attacks against Janet connected organisations has at times briefly degraded connectivity to sections of the network. Whilst we are able to react to these attacks as and when they occur, the impact upon our customers can be significant. This situation is far from unique to Janet - ISPs globally are struggling with this issue.
Blog Article
We've disabled our monitoring of netflow feeds for W32/Conficker/Downadup infections. Given the decreasing number of vulnerable systems, the wide awareness of this issue and the low threat posed by the malware we've decided it was no longer worth the effort and resources to maintain a system that was generating a handful of alerts each day.
Our reports of infections will continue, but they'll only be sourced from data sent to us by third parties such as Shadowserver.
Blog Article
| Category | Count |
|---|---|
| Compromise | 9 |
| Copyright | 1 |
| Denial of Service | 149 |
| General Query | 9 |
| LEA Query | 4 |
| Legal/Policy Query | 1 |
| Malware | 422 |
| Net/Security Query | 19 |
| Other | 17 |
| Phishing | 30 |
| Scanning | 15 |
| Social Engineering | 0 |
Blog Article
| Category | Count |
|---|---|
| Compromise | 152 |
| Copyright | 2 |
| Denial of Service | 16 |
| General Query | 6 |
| LEA Query | 1 |
| Legal/Policy Query | 1 |
| Malware | 618 |
| Net/Security Query | 4 |
| Other | 11 |
| Phishing | 14 |
| Scanning | 14 |
| Social Engineering | 0 |
Blog Article
You can call CSIRT for help
If you suspect that your institution is suffering from a DDoS attack you can call on Janet CSIRT for assistance. We can help you understand and analyse the traffic, and in most cases can work with our network operations centre and transit partners to filter traffic. Where possible we work with other network providers to eliminate the sources of the attack.
