In the last year we noticed several interesting incidents and events which are certainly worth for use to come back to them in this way again. By the way, only the amount of incidents being solved increased from 495 for the year 2013 to 939 incidents in the last year. And these were often not only negligent events.
Vulnerability of “rom-0“ after half year
In the previous blogposts about the error “rom-0“ I was engaged in the procedure of how to “mend“ a vulnerable router, I analysed the spreading of this error and above all I referred to the web test which we in Laboratories CZ.NIC activated at the address http://rom-0.cz. The last blogpost on this topic attended to the development of number of vulnerable boxes in the Czech Republic and in Slovakia during the first four months from the beginning of our measurings.
Attacks on the web honeypot
Honeynet operated by the CZ.NIC association certainly does not have to be particularly introduced to the readers of this blog. Besides articles on this blog there are also accessible source codes of operated honeypots which you can see on our GitLab. In today´s article we will focus on attacks caught on the web honeypot Glastopf.
Linux and other *NIX malware
Some time ago we started to redirect to SSH honeypots in the test mode the outer SSH port from Turrises of some volunteers from the development team. For the biggest number of attackers to “talk“ to us, we allowed in honeypot the login into root by random password; despite this most of bots will anyway do nothing and they will immediately disconnect themselves even after unsuccessful attempt.
Falsification of RSA signatures according to Bleichenbacher
During past days the errors of bash interpreter called Shellshock shaded other messages including errrors in NSS influencing the verification of certificates in Firefox and Chrome. The matter concerned is another instance of not quite common vulnerability which, however, occurs repeatedly: Bleichenbacher´s attack on RSA with little public exponent, typically 3.
Anomalies, botnets, malicious Web sites and attacks on Synology NAS drives, or Where does Turris help?
In our Turris project, in addition to taking preventive measures that would protect users against various attacks from the outside, we also do other activities. Those include contacting clients from whose side we detect attempts to connect to IP addresses that are known to be botnets’ command and control centers, or blocking IP addresses that are used by websites to perform malicious attacks on users. During that time we have seen some curious incidents that I would like to briefly outline here.