01/06/2009

Belgian network security notes from Arbor Networks

1. Yesterday there were quite a few DDoS attacks:

Inbound Attacks: 4
Outbound Attacks: 14
Maximum packet rate: 2.18 M pps
Maximum traffic rate: 748.51 Mbps
Attack class: Misuse: 14, Profiled: 4
Attack subclass: Total Traffic: 1, Bandwidth: 1, Protocol: 1, DNS: 2,

2. There were also a number of interesting attack scans, which show that some people are looking for ways to penetrate networks and sites (VNC scanning, for example) and underline the importance of updating your Windows software.

Microsoft Windows RPC Heap Corruption buffer overflow attempt | 3.02 | +1846.6 % | CVE-2003-0715 | 29.7%
Microsoft Windows ASN.1 Library buffer overflow attempt | 2.60 | -75.4 % | CVE-2003-0818 | 25.5%
ASN.1 constructed bit string | 2.33 | -77.1 % | CVE-2005-1935 | 22.8%
VNC network scanning activity | 0.94 | +121614.2 % | - | 9.3%
SCAN Sipvicious Scan | 0.24 | +100.0 % | - | 2.3%

The Sipvicious scan looks for systems that use VoIP. VoIP is not a secure protocol in itself and needs to be accompanied by heavy investments in security and availability. It is also vulnerable to snooping and man-in-the-middle attacks, so strong encryption is necessary. Should I remind my Belgian readers that our Finance Administration uses VoIP? I hope it is better secured than their tax-on-web, which is phishing prone.
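One way to spot this kind of VoIP scan in captured SIP traffic, as an added example that is not part of the original post: it flags a source that sends the SIPvicious default User-Agent ("friendly-scanner") or that probes many distinct hosts. The function names, the threshold of 3 hosts and the sample traffic are assumptions made for illustration.

```python
from collections import defaultdict

# Default User-Agent strings of the SIPvicious tools (an operator can change them).
SCANNER_AGENTS = ("friendly-scanner", "sipvicious")

def parse_sip_request(raw):
    """Return (method, headers) for a raw SIP request, or None if malformed."""
    lines = raw.replace("\r\n", "\n").split("\n")
    parts = lines[0].split()
    if len(parts) != 3 or not parts[2].startswith("SIP/"):
        return None
    headers = {}
    for line in lines[1:]:
        if not line:  # blank line ends the header section
            break
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return parts[0].upper(), headers

def find_sip_scanners(events, min_targets=3):
    """Map source IP -> sorted reasons it looks like a SIP scanner."""
    targets, reasons = defaultdict(set), defaultdict(set)
    for src, dst, raw in events:
        parsed = parse_sip_request(raw)
        if parsed is None:
            continue
        method, headers = parsed
        agent = headers.get("user-agent", "").lower()
        if any(a in agent for a in SCANNER_AGENTS):
            reasons[src].add("scanner user-agent")
        targets[src].add(dst)
    for src, dsts in targets.items():
        if len(dsts) >= min_targets:  # one source sweeping many hosts
            reasons[src].add("probed %d hosts" % len(dsts))
    return {src: sorted(r) for src, r in reasons.items()}

def sample_request(method, dst, agent):
    """Build a minimal constructed SIP request for the sample below."""
    return ("%s sip:100@%s SIP/2.0\r\nVia: SIP/2.0/UDP 192.0.2.1:5060\r\n"
            "User-Agent: %s\r\n\r\n" % (method, dst, agent))

# Constructed sample traffic (documentation address ranges, not real hosts).
SWEEP = ["203.0.113.%d" % i for i in range(1, 5)]
SAMPLE = (
    [("198.51.100.7", d, sample_request("OPTIONS", d, "friendly-scanner")) for d in SWEEP]
    + [("198.51.100.9", d, sample_request("OPTIONS", d, "ExamplePhone/1.0")) for d in SWEEP[:3]]
    + [("198.51.100.20", "203.0.113.10", sample_request("REGISTER", "203.0.113.10", "ExamplePhone/1.0"))]
)
print(find_sip_scanners(SAMPLE))
```

The second source shows why the host-count check matters: a renamed User-Agent no longer matches the signature, but the sweep across hosts is still visible.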

and the attackers yesterday were

