
netsec-sig - Re: [Security-WG] FWD: Alert (TA18-106A) Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices

Subject: Internet2 Network Security SIG

  • From: Michael H Lambert <>
  • To:
  • Subject: Re: [Security-WG] FWD: Alert (TA18-106A) Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices
  • Date: Thu, 19 Apr 2018 09:08:20 -0400

Paul,

Here is a graph from syslog collection of discards from our core routers showing the number of discards per day. The discard happens when the router is the destination for a packet but the firewall filter discards instead of accepts the packet. The graph shows a significant increase in discards from Russia beginning in early February.

This shouldn't come as a surprise given the advisory.

Others likely saw increased scanning from Russia. If you did, would you be willing to share graphs or data on this?

Do you have a sense of how much of the "unwanted" traffic came in over the R&E network?

Thanks,

Michael

--
Michael H Lambert, GigaPoP Manager Phone: +1 412 268-4960
Pittsburgh Supercomputing Center/3ROX FAX: +1 412 268-5832
300 S Craig St, Pittsburgh, PA 15213 USA




