In a household, router is a central point through which a household is connected to the Internet. That is why the router is offered as a suitable place for various interesting analyses and statistics. The project Turris, that is true, offers a fairly big amount of analyses, statistics and tests, Majordomo, however, is the first tool which is intended purely for users and data are not sent from it for further processing.
Vulnerability of “rom-0“ after half year
In the previous blogposts about the error “rom-0“ I was engaged in the procedure of how to “mend“ a vulnerable router, I analysed the spreading of this error and above all I referred to the web test which we in Laboratories CZ.NIC activated at the address http://rom-0.cz. The last blogpost on this topic attended to the development of number of vulnerable boxes in the Czech Republic and in Slovakia during the first four months from the beginning of our measurings.
Attacks on the web honeypot
Honeynet operated by the CZ.NIC association certainly does not have to be particularly introduced to the readers of this blog. Besides articles on this blog there are also accessible source codes of operated honeypots which you can see on our GitLab. In today´s article we will focus on attacks caught on the web honeypot Glastopf.
Linux and other *NIX malware
Some time ago we started to redirect to SSH honeypots in the test mode the outer SSH port from Turrises of some volunteers from the development team. For the biggest number of attackers to “talk“ to us, we allowed in honeypot the login into root by random password; despite this most of bots will anyway do nothing and they will immediately disconnect themselves even after unsuccessful attempt.
Falsification of RSA signatures according to Bleichenbacher
During past days the errors of bash interpreter called Shellshock shaded other messages including errrors in NSS influencing the verification of certificates in Firefox and Chrome. The matter concerned is another instance of not quite common vulnerability which, however, occurs repeatedly: Bleichenbacher´s attack on RSA with little public exponent, typically 3.
The world of domains in numbers (and graphs)
After some time I would once again like to come back to the domain statistics and question about how many domains there are in the world. This time I will accompany the number 276 million representing the total number of registered domains by several graphs and information based on statistics of the organizations Verisign and CENTR (Council of European National Top Level Domain Registries).
Europe has new legislation: it will influence e-signature, data boxes as well as server certificates
At the end of July the Council of Ministers of EU approved new legislation which for almost three years of preparations became common as eIDAS. The regulation on electronic identification and trustworthy services for electronic transactions in the internal market and on the abolition of directive 1999/93/EC which is the whole official name of eIDAS was a few days ago published in the Official Reports and so we can have a look at which essential changes it brings and how it will affect the electronic services and the Internet in the Czech Republic.
Anomalies, botnets, malicious Web sites and attacks on Synology NAS drives, or Where does Turris help?
In our Turris project, in addition to taking preventive measures that would protect users against various attacks from the outside, we also do other activities. Those include contacting clients from whose side we detect attempts to connect to IP addresses that are known to be botnets’ command and control centers, or blocking IP addresses that are used by websites to perform malicious attacks on users. During that time we have seen some curious incidents that I would like to briefly outline here.