2002 - cesnet
2002 - cesnet 2002 - cesnet
the originating address(es) listed or someone who has brokeninto your system(s) and is launching further attacks from yournetwork. Your computer(s) may also be infected by a network worm.Would you please try to investigate this and/or inform all partiesresponsible that their system(s) may be compromised?Please find below the appropriate IDS log excerpt(s).Time zone used: Central European Time (GMT+1).Yours sincerely,Intrusion Detection System, CESNET, Prague, The Czech Republic.P.S.: I am only a machine and there is no need to respond.However, should you need to contact my master, please do nothesitate to ‘reply’ to this letter. :-)***************************************************************351 connections from a.b.115.230 (pc2-eswd1.....com)Start of scan: 1038521917 = Thu Nov 28 23:18:37 20021038521917 a.b.115.230 3844 -> 195.113.xxx.2 1433... skipping 349 lines ...1038601444 a.b.115.230 4919 -> 195.113.xxx.2 1433End of scan: 1038601444 = Fri Nov 29 21:24:04 2002.Duration: 22:05:27. Frequency: 0.265 [conn/min].***************************************************************302 connections from a.b.240.140 (pc1-oxfd1.....com)Start of scan: 1039015945 = Wed Dec 4 16:32:25 20021039015945 a.b.240.140 24908 -> 195.113.xxx.2 21... skipping 300 lines ...1039017922 a.b.240.140 25362 -> 195.113.xxx.121 1080End of scan: 1039017922 = Wed Dec 4 17:05:22 2002.Duration: 0:32:57. Frequency: 9.165 [conn/min].***************************************************************16 connections from a.b.80.136 (pc1-hudd1.....com)Start of scan: 1038793330 = Mon Dec 2 02:42:10 20021038793330 a.b.80.136 2942 -> 195.113.xxx.28 80... skipping 14 lines ...1038794681 a.b.80.136 3906 -> 195.113.xxx.28 80End of scan: 1038794681 = Mon Dec 2 03:04:41 2002.Duration: 0:22:31. Frequency: 0.711 [conn/min].Judging from reactions of those administrators who replied to these letters, it isobvious that they are grateful for this service.All software created within this project is continuously published on the FTPserver at ftp://ftp.cesnet.cz/local/audit/. Information about the progress of workand new versions of programs are delivered to all persons interested who registeredto the AUDIT-L@cesnet.cz mailing list.198 High-speed National Research Network and its New Applications 2002
19.5 Future Plans, Expected FurtherStepsWe originally expected that the audit project would end in 2002. However, atthe meeting of researchers in Podlesí, the decision was made to improve thesystem, so that administrators do not receive reports in the existing “plain text”format, which may not seem clear enough to administrators of larger numbersof machines. Instead, a form configurable by the administrators themselves accordingto their needs will be used. Workers from the network services operationdepartment promised to provide their remarks and participate in work onsome parts of this project. We plan further improvement of auxiliary programsfor the LaBrea system as well.On this occasion, special thanks should be given to Ing. Dan Studený from theaforementioned department, who contributed to the implementation of theWebBackEnd system in the HTTPS server, although he was not a member ofthis research team.High-speed National Research Network and its New Applications 2002199
- Page 147 and 148: 12.3.1 WP0 - Requirement AnalysisTh
- Page 149 and 150: 1 6 12 18 24 30requirements analysi
- Page 151 and 152: Part IIIOther Projects
- Page 153 and 154: 13 Online Education Infrastructurea
- Page 155 and 156: 13.1.2 Construction of a Teleinform
- Page 157 and 158: with high-capacity disk memories co
- Page 159 and 160: If the collaboration of individual
- Page 161 and 162: ten, whereas items in the hyperlink
- Page 163 and 164: Besides that, we processed some lec
- Page 165 and 166: CallManager was designed using open
- Page 167 and 168: tre, when we were forced to handle
- Page 169 and 170: 15 Intelligent NetFlow AnalyserThe
- Page 171 and 172: In the second half-year, we complet
- Page 173 and 174: 15.4 ConclusionDuring 2002, our tea
- Page 175 and 176: • data space consolidation (easy
- Page 177 and 178: ecord size [kB] 256 512 1024 2048 4
- Page 179 and 180: Figure 16.3: Nishan-Linux measureme
- Page 181 and 182: 16.3.1 No SecurityThe initiator is
- Page 183 and 184: vices. These features mainly involv
- Page 185 and 186: Figure 17.1: www.cesnet.cz• We ha
- Page 187 and 188: The meeting was broadcast live via
- Page 189 and 190: Most of the problems connected with
- Page 191 and 192: Standard manipulator (privileged us
- Page 193 and 194: 19 Security of Local CESNET2Network
- Page 195 and 196: Moreover, the program was complemen
- Page 197: in the network of AV ČR Praha-Krč
- Page 201 and 202: InternetNTPEthernetKPCPPSLabelPPSLa
- Page 203 and 204: generated by the NTP server. Its ou
- Page 205 and 206: 21 Platforms for Streaming andVideo
- Page 207 and 208: streaming serverAAA (LDAPS) server1
- Page 209 and 210: 21.5 Video Content CollaborationPla
- Page 211 and 212: First of all, we had to define an a
- Page 213 and 214: international-scale broadcast will
- Page 215 and 216: Part IVConclusion and Annexes
- Page 217 and 218: 23 ConclusionThe current developmen
- Page 219 and 220: AList of connected institutionsA.1
- Page 221 and 222: institutionconnection [Mbps]Institu
- Page 223 and 224: Karásek Miroslav, Ing., DrSc. Czec
- Page 225 and 226: Voral Pavel, Ing.Voříšek Martin,
- Page 227 and 228: Burčík J.: Optické přepínání
- Page 229 and 230: Veselá S.: Aktivity sdružení CES
- Page 231 and 232: Krsek M.: Platformy pro streaming m
- Page 233 and 234: Zatloukal K., Křivánek V.: Videok
- Page 235 and 236: Satrapa P.: Scavenger: Za Internet
19.5 Future Plans, Expected FurtherStepsWe originally expected that the audit project would end in <strong>2002</strong>. However, atthe meeting of researchers in Podlesí, the decision was made to improve thesystem, so that administrators do not receive reports in the existing “plain text”format, which may not seem clear enough to administrators of larger numbersof machines. Instead, a form configurable by the administrators themselves accordingto their needs will be used. Workers from the network services operationdepartment promised to provide their remarks and participate in work onsome parts of this project. We plan further improvement of auxiliary programsfor the LaBrea system as well.On this occasion, special thanks should be given to Ing. Dan Studený from theaforementioned department, who contributed to the implementation of theWebBackEnd system in the HTTPS server, although he was not a member ofthis research team.High-speed National Research Network and its New Applications <strong>2002</strong>199