Belgian network security notes from Arbor Networks
1. Yesterday there were quite a few DDoS attacks
|Maximum packet rate|2.18 M pps|
|Maximum traffic rate|748.51 Mbps|
|Attack class|Misuse: 14, Profiled: 4|
|Attack subclass|Total Traffic: 1, Bandwidth: 1, Protocol: 1, DNS: 2,|
2. There were also a number of interesting attack scans, which show that some people are looking for ways to penetrate networks and sites (VNC scanning, for example) and underline the importance of updating your Windows software.
|Microsoft Windows RPC Heap Corruption buffer overflow attempt|3.02|+1846.6 %|CVE-2003-0715|
|Microsoft Windows ASN.1 Library buffer overflow attempt|2.60|-75.4 %|CVE-2003-0818|
|ASN.1 constructed bit string|2.33|-77.1 %|CVE-2005-1935|
|VNC network scanning activity|0.94|+121614.2 %|
|SCAN Sipvicious Scan|0.24|+100.0 %|
The Sipvicious scan looks for the use of VoIP. VoIP is not a secure protocol in itself and needs to be accompanied by heavy investments in security and availability. It is also vulnerable to snooping and man-in-the-middle attacks, so strong encryption is necessary. Should I remind my Belgian readers that our Finance Administration uses VoIP? I hope it is better secured than their tax-on-web, which is phishing-prone.
and the attackers yesterday were