FILTER: {"$and": [{"Category" : "Availability.DoS"}, {"Node.Type": "Flow"}, {"Node.Type": "Statistical"}]} !!! DOS 'Availability.DoS:Test_+++_Flow:Statistical_+++_*__+++_Abnormally_high_number_of_TCP_SYN_packets_received_by_x_(probably_SYN_flood_attack)': 4, !!! DOS 'Availability.DoS:Test_+++_Flow:Statistical_+++_*__+++_Abnormally_high_number_of_packets_emmited_by_x_(probably_flooding_DoS_attack)': 2104, !!! DOS 'Availability.DoS:Test_+++_Flow:Statistical_+++_*__+++_Abnormally_high_number_of_packets_received_by_x_(probably_flooding_DoS_attack)': 6323, !!! DOS 'Availability.DoS_+++_Flow:Statistical_+++_*__+++_*': 2, !!! DOS 'Availability.DoS_+++_Flow:Statistical_+++_*__+++_Abnormally_high_number_of_TCP_SYN_packets_emitted_by_x_(probably_SYN_flood_attack)': 27, !!! DOS 'Availability.DoS_+++_Flow:Statistical_+++_*__+++_Abnormally_high_number_of_TCP_SYN_packets_received_by_x_(probably_SYN_flood_attack)': 60, !!! DOS 'Availability.DoS_+++_Flow:Statistical_+++_*__+++_Abnormally_high_number_of_packets_emitted_by_x_(probably_flooding_DoS_attack)': 214, !!! DOS 'Availability.DoS_+++_Flow:Statistical_+++_*__+++_Abnormally_high_number_of_packets_received_by_x_(probably_flooding_DoS_attack)': 7106, !!! DOS 'Availability.DoS_+++_Flow:Statistical_+++_*__+++_x_received_abnormally_high_number_of_large_DNS_replies_-_probably_a_victim_of_DNS_amplification_DoS_attack': 3449, !!! DOS 'Availability.DoS_+++_Flow:Statistical_+++_Backscatter_+++_DNS_amplification': 1774, !!! DOS 'Availability.DoS_+++_Flow:Statistical_+++_Backscatter_+++_x_sent_abnormally_high_number_of_large_DNS_replies_-_it_was_probably_misused_for_DNS_amplification_DoS_attack': 2339, LABEL_CZ: Útok typu odepření služby LABEL_EN: Denial of service attack SEVERITY: 1 URL: https://csirt.cesnet.cz/cs/services --- !!! 
DOS 'Availability.DoS:Test_+++_Relay_+++_*__+++_Denial_of_service_attack': 28, Flow netflow based analysis (FTAS, FlowMon, …) Statistical statistical anomaly analysis (SpamAssassin, SSHGuard, usually netflow based detectors) 'Category': ['Availability.DoS', 'Test'], 'Description': 'Denial of service attack', 'DetectTime': b'\xdbV\xa3H\x00\x00\x00\x00', 'EventTime': b'\xdbV\xa3*\x00\x00\x00\x00', 'Format': 'IDEA0', 'ID': '64d21a6d-4680-42a3-9e7d-309ce3286bbc', 'Node': [ {'Name': 'cz.cesnet.mentat.warden_filer', 'Type': ['Relay']}, { 'Name': 'org.liberouter.collector_invea.flowmonads', 'Type': ['Relay']}], --- At its core NSHaRP leverages the power of Netreflex that uses netflow from the GÉANT network to detect and report on incidents. !!! DOS 'Availability.DoS_+++_External:Policy_+++_*__+++_DoS_Attack': 24, 'Description': 'DoS Attack', 'DetectTime': b'\xda\xe6\xf1{\x00\x00\x00\x00', 'Duration': '00:00:59.8889999389648', 'Format': 'IDEA0', 'ID': '1-1463576318.645503-ZUHWK6m03eft', 'Node': [ {'Name': 'cz.cesnet.mentat.warden_filer', 'Type': ['Relay']}, {'Name': 'cz.cesnet.au1.warden_filer', 'Type': ['Relay']}, { 'Name': 'cz.cesnet.ext.nsharp', 'SW': ['NSHARP'], 'Type': ['External', 'Policy']}], 'PacketCount': 1077600, 'Source': [ { 'IP4': [ { 'ip': b'\x93\xe7\x04\xa3', 'max': b'\x93\xe7\x04\xa3', 'min': b'\x93\xe7\x04\xa3'}], 'Port': [64992], 'Proto': ['TCP']}], 'Target': [ { 'IP4': [ { 'ip': b'_\xa8\xd0H', 'max': b'_\xa8\xd0H', 'min': b'_\xa8\xd0H'}], --- FILTER: {"$and": [{"Category" : "Availability.DDoS"}, {"Source.Proto": "dns"}]} !!! DOS 'Availability.DDoS_+++_Flow:Statistical_+++_Backscatter_+++_DNS_amplification': 1283, !!! DOS 'Availibility.DDoS:Test_+++_*__+++_*__+++_DNS_amplification': 3826, !!! DOS 'Availibility.DDoS_+++_*__+++_*__+++_DNS_amplification': 217, !!! 
DOS 'Availibility.DDoS_+++_*__+++_Backscatter_+++_DNS_amplification': 801, LABEL_CZ: Útok typu odepření služby (DNS amplification) LABEL_EN: Distributed denial of service attack (DNS amplification) SEVERITY: 1 URL: https://csirt.cesnet.cz/cs/services