incident response

Anonymous
Why? To trace use of Janet, both legitimate and otherwise, helping to investigate and learn from security incidents. Whilst some network events are of a continuing nature, others may only occur sporadically and unexpectedly, and logging of activity can help us understand what took place in the past. Many networks now use Network Address Translation (NAT) or proxy devices that obscure the source of of a connection to the external world, which can prevent the timely investigation of serious incidents.
Anonymous
Janet CSIRT currently runs two mailing lists:
Anonymous
Typical Denial of Service abuse (DoS) involves a very large number of connections or packets being directed to the target computer, either from a single source IP address or (Distributed Denial of Service, DDoS) from a number of addresses, possibly a large number and probably in several different networks. Sometimes the effect is to stop the data network working or make it so slow as to interfere with its normal use; sometimes the target is a single machine which also may cease to work or run very slowly.
Anonymous
What is scanning? See also Port and address scanning. Address range scanning The most common abuse is from a worm (or virus, bot etc) trying to infect other computers by exploiting a single vulnerability on the same port at a great number of addresses. Port scanning You may be reporting packets or connections to a large number of UDP or TCP ports at just one address (or a very small number of addresses).
Anonymous
Information for a Janet organization on scanning activity that may affect their network. Within an organization’s own network scanning activity may be a legitimate form of audit or of information gathering; but it is almost never acceptable otherwise without the express permission of the managers of the target network.
Anonymous
A few simple things are essential for the security of any network connected to today’s hostile Internet. Up-to-date patches All software, operating systems and applications, needs regular updates to remove vulnerabilities as they are discovered. These patches should be installed as promptly as possible after they have been properly tested. Particular care needs to be paid to applications for which automatic updating is not practicable; for example, most Web-based applications. You should contact your software vendor for details of when updates are released.
Anonymous
Abuse from Janet addresses or domains See the general guidance Reporting abuse originating from Janet for notes on which domains and IP addresses are part of Janet.
Anonymous
First think, then react Don’t be too ready to use a button marked “report abuse” (or “this is spam”).It results in real work for a lot of people, and you must do your bit by checking that you are sure you mean what is implied by pressing the button. Don’t send it to the wrong place.In particular when an e-mail message has been delivered to a Janet address it is very rarely useful to complain to Janet CSIRT. The Computer Services or similar department in your own organisation should be able to explain what is going on.
Anonymous
Which IP addresses are Janet? If you can identify from routing information the Autonomous System number of the IP address concerned, Janet is AS786 and this is a clear indication that we are responsible. Otherwise, almost all Janet addresses are recorded in the RIPE Regional Internet Registry, with routes or other information linking them to Janet.
Subscribe to incident response