
netsec-sig - Re: [Security-WG] FWD: Alert (TA18-106A) Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices

Subject: Internet2 Network Security SIG

  • From: Paul Howell <>
  • To: "" <>
  • Subject: Re: [Security-WG] FWD: Alert (TA18-106A) Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices
  • Date: Thu, 19 Apr 2018 13:33:17 +0000
  • Accept-language: en-US
  • Authentication-results: internet2.edu; dkim=none (message not signed) header.d=none;internet2.edu; dmarc=none action=none header.from=internet2.edu;

My bad, I misunderstood your message. I thought you were sharing a similar
graph of what you saw.

Some quick checking showed mostly TRCPS.

-----Original Message-----
From: <> on behalf of Paul Howell <>
Reply-To: "" <>
Date: Thursday, April 19, 2018 at 9:27 AM
To: "" <>
Subject: Re: [Security-WG] FWD: Alert (TA18-106A) Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices

Hi Michael,

There wasn't a graph attached.

Regards,
Paul

-----Original Message-----
From: <> on behalf of Michael H Lambert <>
Reply-To: "" <>
Date: Thursday, April 19, 2018 at 9:08 AM
To: "" <>
Subject: Re: [Security-WG] FWD: Alert (TA18-106A) Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices

Paul,

> Here is a graph from syslog collection of discards from our core routers
> showing the number of discards per day. The discard happens when the
> router is the destination for a packet but the firewall filter
> discards instead of accepts the packet. The graph shows a significant
> increase in discards from Russia beginning in early February.
>
> This shouldn't come as a surprise given the advisory.
>
> Others likely saw increased scanning from Russia. If you did, would you
> be willing to share graphs or data on this?

Do you have a sense of how much of the "unwanted" traffic came in over
the R&E network?

Thanks,

Michael

--
Michael H Lambert, GigaPoP Manager Phone: +1 412 268-4960
Pittsburgh Supercomputing Center/3ROX FAX: +1 412 268-5832
300 S Craig St, Pittsburgh, PA 15213 USA








