CSIRT-IE Reports on Internet Accessible Servers & Services - DoS Attacks
CSIRT-IE primary focus, in regard to the following reports, is to identify Internet accessible servers & services in the State which may be abused in a Denial-of-Service (DoS) attack against a third party. CSIRT-IE seek to inform responsible network operators and constituents, based upon the IP address of the affected server or service, by email and to provide advice and recommendations on how to reduce the threat posed by these Internet accessible servers & services.
Internet accessible servers & services may also be used by an attacker for the purpose of performing a reconnaissance, the process of investigating and identifying weak spots in an organisations network and to map its attack surface, prior to an attack.
Source of Information
The Shadowserver Foundation is a Non-Governmental Organisation and one of the world's leading resources for internet security reporting and malicious activity investigation. The Shadowserver Foundation works with national governments, network providers, enterprises, financial and academic institutions, law enforcement agencies, and others, to reveal security vulnerabilities, expose malicious activity and help remediate victims. The Shadowserver Foundation performs a scan of the entire IPv4 address range every day for Internet accessible servers & services and reports the security vulnerabilities found. In 2022, Shadowserver began to systematically rolling out IPv6 scanning of services. Shadowserver has also participated in the SISSDEN EU Horizon 2020 project using SISSDEN'S Network of Honeypot Sensors to log unsolicited attack traffic which was directed at them. Information on Shadowserver Reports and the data contain therein can be found at Shadowserver Reports
Secure Information Sharing Sensor Delivery Event Network
The Secure Information Sharing Sensor Delivery Event Network (SISSDEN) seeks to improve the cyber security posture of EU organisations and citizens through the development of increased situational awareness and the effective sharing of actionable information. The SISSDEN project has received funding from the European Union's Horizon 2020 research and innovation programme.
- DNS Open-Resolver Server
- Internet Accessible CHARGEN Service
- Internet Accessible LDAP Service
- Internet Accessible mDNS Service
- Internet Accessible Memcached Server
- Internet Accessible MS-RDPEUDP Service
- Internet Accessible MS-SQL Resolution Service
- Internet Accessible NetBIOS Service
- Internet Accessible NTP Monitor Service
- Internet Accessible NTP Version Service
- Internet Accessible Portmapper Service
- Internet Accessible QOTD Service
- Internet Accessible SNMP Server
- Internet Accessible SSDP Service
- Internet Accessible Ubiquiti Device Discovery Service
Ref:[CERT-Bund and CERT.at]