Skip to main content

Posts

Showing posts with the label NREN

RedIRIS Compromised?

For those not familiar with Spanish ISPs, RedIRIS is Spain's  National Research and Education Network . They are part of  Consorci de Serveis Universitaris de Catalunya and  Forum of Incident Response and Security Teams .  Essentially its an organization devoted to university networking projects and advanced R&D. They get their own nice big netblock to mess around with (in this case  193.144.0.0/14) . Similar projects in the US would be CalREN, Internet2 and LambdaRail.  I'm seeing what looks like malicious scanning from the RedIRIS netblock, like this: ** ** - - [08/Sep/2014:18:54:34 -0400] "GET /muieblackcat HTTP/1.1" 404 15 "-" "-" ** ** - - [08/Sep/2014:18:54:34 -0400] "GET //phpMyAdmin/scripts/setup.php HTTP/1.1" 404 15 "-" "-" ** ** - - [08/Sep/2014:18:54:34 -0400] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 404 15 "-" "-" ** ** - - [08/Sep/2014:18:54:35 -0400] "G