Misconfigured systems
Abuse.net - mail relay testing service
Abuse.net provide an experimental mail relay testing service. Unlike ORDB, the abuse.net service allows registered users to see the full headers of mail relayed through the tested host. This may be useful to CSIRTs for testing hosts within their constituency where they should be able to require that the system owner take steps to prevent abuse of their system.
Assuria Auditor
Assuria Auditor provides deep configuration and vulnerability scanning, inventory reporting, compliance assessment and powerful change detection through an extensible and flexible architecture. It provides vital information assurance and protection for critical business servers and helps maintain systems in a secure ‘known state’. Assuria Auditor utlises a comprehensive built-in Knowledge Base of known security vulnerabilities, security control configurations, up to date patch checks and security best practice information to enable organisations to easily bring their IT infrastructures up to high standards of security, especially servers. Internal IT security knowledge or experience is not necessary, because the built-in Assuria Auditor knowledge base includes not only the thousands of individual checks for a wide range of operating platforms, but also explanations of the implications of each vulnerability and step by step instructions on remediation.
BGP Ranking
BGP ranking is a free software and free services to calculate the security ranking of Internet Service Provider (ASN).
Bogon Reference
A bogon prefix is a route that should never appear in the Internet routing table. A packet routed over the public Internet (not including over VPNs or other tunnels) should never have a source address in a bogon range. These are commonly found as the source addresses of DDoS attacks. We have attempted to make the task of maintaining bogon filters simpler for network operators by providing a wide range of formats and methods through which you can receive this data, which are all updated on the same interval, and based on the authoritative sources of the data (the relevant RFCs, the IANA IPv4 allocation list, and RIR data). Changes in all of these sources are constantly monitored and quickly reflected within the documents we provide. Bogon tracking and alerting is currently available through HTTP, BGP Peering, Routing Registries (RADb and RIPE NCC) and DNS.
Open Resolver Report
Regular reports of open resolvers within your BGP ASN or CIDR netblock, provided as service by Team Cymru.
SAR - Smurf Amplifier Registry
Smurfing is a denial of service technique that uses badly configured IP address blocks as amplifiers. By sending a single forged packet to such a netblock an attacker may cause a much larger number of packets to be directed at a victim host. Powertech have been working for many years to alert the owners of such netblocks to the problem - their database can be queried through a web form to determine whether a particular netblock is still vulnerable to this type of misuse. Any CSIRT discovering a smurf amplifier within their constituency should require the owner of the block to reconfigure their systems to prevent this.
SNDS - Smart Network Data Services
The Junk E-Mail Reporting Program (JMRP) is a free program intended to help large senders remove unwanted recipients from their e-mail lists. The goal of this program is to clean-up distribution lists so that users receive wanted e-mail and senders aren’t negatively affected by complaints.
