
netsec-sig - Re: [Security-WG] FWD: Alert (TA18-106A) Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices

Subject: Internet2 Network Security SIG

  • From: Paul Howell <>
  • To: "" <>
  • Subject: Re: [Security-WG] FWD: Alert (TA18-106A) Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices
  • Date: Thu, 19 Apr 2018 13:27:33 +0000

Hi Michael,

There wasn't a graph attached.

Regards,
Paul

-----Original Message-----
From: <> on behalf of Michael H Lambert <>
Reply-To: "" <>
Date: Thursday, April 19, 2018 at 9:08 AM
To: "" <>
Subject: Re: [Security-WG] FWD: Alert (TA18-106A) Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices

Paul,

> Here is a graph from syslog collection of discards from our core routers
> showing the number of discards per day. The discard happens when the
> router is the destination for a packet but the firewall filter
> discards instead of accepts the packet. The graph shows a significant
> increase in discards from Russia beginning in early February.
>
> This shouldn't come as a surprise given the advisory.
>
> Others likely saw increased scanning from Russia. If you did, would you
> be willing to share graphs or data on this?

Do you have a sense of how much of the "unwanted" traffic came in over
the R&E network?

Thanks,

Michael

--
Michael H Lambert, GigaPoP Manager Phone: +1 412 268-4960
Pittsburgh Supercomputing Center/3ROX FAX: +1 412 268-5832
300 S Craig St, Pittsburgh, PA 15213 USA






