Dear colleagues,

our detection systems registered the following possible problem(s) related to host
192.168.1.1, that appears to belong to your IP address range or domain:


[1] Test report.
    https://csirt.cesnet.cz/cs/services/eventclass/test-event-class

    ===========================================================================
    Source:                 10.0.2.1
    First event:            2018-01-01 12:00:00 Z
    Last event:             2018-01-01 12:00:00 Z
    Events:                 1
    ---------------------------------------------------------------------------
    Details from detector org.example.kippo_honey:
    Reference               https://cesnet.cz
    Username, password      ('sa', '')
    Protocols               http, https, ssh
    Connection count        1
    Flow count              30
    Packet count            50
    Byte count              4560
    Average packet size     93
    Dropped byte count      100
    Source protocol         ssh
    Source IP addresses     10.0.2.1
    Source InFlowCount      30
    Source OutFlowCount     30
    Source InByteCount      4560
    Source OutByteCount     4560
    Total source IP count   1
    Target port             443, 80
    Target hostname         aaa.cesnet.cz, bbb.cesnet.cz
    Target protocol         http, https
    Target reference        https://ces.net
    Target interface        45
    Target service          Apache (version 2.4.53)
    Target X509 expired at  2020-11-06T23:59:00Z
    Target IP addresses     10.2.2.0/24, 2001:ffff::ff00:42:0/112
    Total target IP count   2

    ===========================================================================
    Source:                 2001:db8::ff00:42:0/112
    First event:            2018-01-01 12:00:00 Z
    Last event:             2018-01-01 12:00:00 Z
    Events:                 1
    ---------------------------------------------------------------------------
    Details from detector org.example.kippo_honey:
    Reference               https://cesnet.cz
    Username, password      ('sa', '')
    Protocols               http, https, telnet
    Connection count        1
    Flow count              30
    Packet count            50
    Byte count              4560
    Average packet size     93
    Dropped byte count      100
    Source protocol         telnet
    Source IP addresses     2001:db8::ff00:42:0/112
    Total source IP count   1
    Target port             443, 80
    Target hostname         aaa.cesnet.cz, bbb.cesnet.cz
    Target protocol         http, https
    Target reference        https://ces.net
    Target interface        45
    Target service          Apache (version 2.4.53)
    Target X509 expired at  2020-11-06T23:59:00Z
    Target IP addresses     10.2.2.0/24, 2001:ffff::ff00:42:0/112
    Total target IP count   2

    ===========================================================================


our detection systems registered the following RECURRING possible problem(s) related to
host 192.168.1.1, that appears to belong to your IP address range or domain:


[1] Test report.
    https://csirt.cesnet.cz/cs/services/eventclass/test-event-class

    ===========================================================================
    Source:                 10.0.2.1
    First event:            2018-01-01 12:00:00 Z
    Last event:             2018-01-01 12:00:00 Z
    Events:                 1
    ---------------------------------------------------------------------------
    Details from detector org.example.kippo_honey:
    Reference               https://cesnet.cz
    Username, password      ('sa', '')
    Protocols               http, https, ssh
    Connection count        1
    Flow count              30
    Packet count            50
    Byte count              4560
    Average packet size     93
    Dropped byte count      100
    Source protocol         ssh
    Source IP addresses     10.0.2.1
    Source InFlowCount      30
    Source OutFlowCount     30
    Source InByteCount      4560
    Source OutByteCount     4560
    Total source IP count   1
    Target port             443, 80
    Target hostname         aaa.cesnet.cz, bbb.cesnet.cz
    Target protocol         http, https
    Target reference        https://ces.net
    Target interface        45
    Target service          Apache (version 2.4.53)
    Target X509 expired at  2020-11-06T23:59:00Z
    Target IP addresses     10.2.2.0/24, 2001:ffff::ff00:42:0/112
    Total target IP count   2

    ===========================================================================
    Source:                 2001:db8::ff00:42:0/112
    First event:            2018-01-01 12:00:00 Z
    Last event:             2018-01-01 12:00:00 Z
    Events:                 1
    ---------------------------------------------------------------------------
    Details from detector org.example.kippo_honey:
    Reference               https://cesnet.cz
    Username, password      ('sa', '')
    Protocols               http, https, telnet
    Connection count        1
    Flow count              30
    Packet count            50
    Byte count              4560
    Average packet size     93
    Dropped byte count      100
    Source protocol         telnet
    Source IP addresses     2001:db8::ff00:42:0/112
    Total source IP count   1
    Target port             443, 80
    Target hostname         aaa.cesnet.cz, bbb.cesnet.cz
    Target protocol         http, https
    Target reference        https://ces.net
    Target interface        45
    Target service          Apache (version 2.4.53)
    Target X509 expired at  2020-11-06T23:59:00Z
    Target IP addresses     10.2.2.0/24, 2001:ffff::ff00:42:0/112
    Total target IP count   2

    ===========================================================================

These possible problem(s) were already reported to you some time before, however we have
detected relapses.

This report contains events with LOW severity. Please consider reviewing the host systems
mentioned in this report and fix any possible issues.

Link to interactive web version of this report and complete data:
https://URL/view=REPORT_LABEL/unauth

For further communication please keep the identifier [REPORT_LABEL] in email subject.

Thank you in advance for your cooperation

CESNET-CERTS <certs@cesnet.cz>
https://csirt.cesnet.cz/en/index