Dear colleagues,

our detection systems registered the following possible problem(s) related to your IP
address range or domain:


[1] The machine performed some type of active scanning.
    https://csirt.cesnet.cz/cs/services/eventclass/recon-scanning

    ===========================================================================
    Source:                 10.0.0.0/25
    First event:            2018-01-01 13:00:00 Z
    Last event:             2018-01-01 13:00:00 Z
    Events:                 1
    ---------------------------------------------------------------------------
    Details from detector org.example.dionaea:
    Connection count        42
    Source port             22
    Target IP addresses     11.2.2.0/24, 2004:ffff::ff00:42:0/112

    ===========================================================================
    Source:                 10.0.1.2-10.0.1.5
    First event:            2018-01-01 13:00:00 Z
    Last event:             2018-01-01 13:00:00 Z
    Events:                 1
    ---------------------------------------------------------------------------
    Details from detector org.example.dionaea:
    Connection count        42
    Source port             22
    Target IP addresses     11.2.2.0/24, 2004:ffff::ff00:42:0/112

    ===========================================================================
    Source:                 10.0.2.1
    First event:            2018-01-01 13:00:00 Z
    Last event:             2018-01-01 13:00:00 Z
    Events:                 1
    ---------------------------------------------------------------------------
    Details from detector org.example.dionaea:
    Connection count        42
    Source port             22, 23
    Target IP addresses     11.2.2.0/24, 2004:ffff::ff00:42:0/112

    ===========================================================================


[2] Test report.
    https://csirt.cesnet.cz/cs/services/eventclass/test-event-class

    ===========================================================================
    Source:                 2001:db8::ff00:42:0/112
    First event:            2018-01-01 12:00:00 Z
    Last event:             2018-01-01 12:00:00 Z
    Events:                 1
    ---------------------------------------------------------------------------
    Details from detector org.example.kippo_honey:
    Reference               https://cesnet.cz
    Username, password      ('sa', '')
    Protocols               http, https, telnet
    Connection count        1
    Flow count              30
    Packet count            50
    Byte count              4560
    Average packet size     93
    Dropped byte count      100
    Source protocol         telnet
    Source IP addresses     2001:db8::ff00:42:0/112
    Total source IP count   1
    Target port             443, 80
    Target hostname         aaa.cesnet.cz, bbb.cesnet.cz
    Target protocol         http, https
    Target reference        https://ces.net
    Target interface        45
    Target service          Apache (version 2.4.53)
    Target X509 expired at  2020-11-06T23:59:00Z
    Target IP addresses     10.2.2.0/24, 2001:ffff::ff00:42:0/112
    Total target IP count   2

    ===========================================================================


our detection systems registered the following RECURRING possible problem(s) related to
your IP address range or domain:


[1] The machine performed some type of active scanning.
    https://csirt.cesnet.cz/cs/services/eventclass/recon-scanning

    ===========================================================================
    Source:                 10.0.0.0/25
    First event:            2018-01-01 13:00:00 Z
    Last event:             2018-01-01 13:00:00 Z
    Events:                 1
    ---------------------------------------------------------------------------
    Details from detector org.example.dionaea:
    Connection count        42
    Source port             22
    Target IP addresses     11.2.2.0/24, 2004:ffff::ff00:42:0/112

    ===========================================================================
    Source:                 10.0.1.2-10.0.1.5
    First event:            2018-01-01 13:00:00 Z
    Last event:             2018-01-01 13:00:00 Z
    Events:                 1
    ---------------------------------------------------------------------------
    Details from detector org.example.dionaea:
    Connection count        42
    Source port             22
    Target IP addresses     11.2.2.0/24, 2004:ffff::ff00:42:0/112

    ===========================================================================
    Source:                 10.0.2.1
    First event:            2018-01-01 13:00:00 Z
    Last event:             2018-01-01 13:00:00 Z
    Events:                 1
    ---------------------------------------------------------------------------
    Details from detector org.example.dionaea:
    Connection count        42
    Source port             22, 23
    Target IP addresses     11.2.2.0/24, 2004:ffff::ff00:42:0/112

    ===========================================================================


[2] Test report.
    https://csirt.cesnet.cz/cs/services/eventclass/test-event-class

    ===========================================================================
    Source:                 2001:db8::ff00:42:0/112
    First event:            2018-01-01 12:00:00 Z
    Last event:             2018-01-01 12:00:00 Z
    Events:                 1
    ---------------------------------------------------------------------------
    Details from detector org.example.kippo_honey:
    Reference               https://cesnet.cz
    Username, password      ('sa', '')
    Protocols               http, https, telnet
    Connection count        1
    Flow count              30
    Packet count            50
    Byte count              4560
    Average packet size     93
    Dropped byte count      100
    Source protocol         telnet
    Source IP addresses     2001:db8::ff00:42:0/112
    Total source IP count   1
    Target port             443, 80
    Target hostname         aaa.cesnet.cz, bbb.cesnet.cz
    Target protocol         http, https
    Target reference        https://ces.net
    Target interface        45
    Target service          Apache (version 2.4.53)
    Target X509 expired at  2020-11-06T23:59:00Z
    Target IP addresses     10.2.2.0/24, 2001:ffff::ff00:42:0/112
    Total target IP count   2

    ===========================================================================

These possible problem(s) were already reported to you some time before, however we have
detected relapses.

This report contains events with LOW severity. Please consider reviewing the host systems
mentioned in this report and fix any possible issues.

Link to interactive web version of this report and complete data:
https://URL/view=REPORT_LABEL/unauth

For further communication please keep the identifier [REPORT_LABEL] in email subject.

Thank you in advance for your cooperation

CESNET-CERTS <certs@cesnet.cz>
https://csirt.cesnet.cz/en/index