
Advice for specific incidents


Information and advice tailored to the Rutgers University environment. These are the Incident Types used in abuse reports distributed by the Rutgers University Computing Incident Response Team (RU CIRT). Other commonly used designations are included for clarity. Click on the topic to navigate to the detailed information.

Botnet — last modified 2007-07-27 11:28
According to Wikipedia, a botnet is a collection of software robots (software applications that run automated tasks over the internet).
Configuration Error — last modified 2007-07-27 11:28
This incident type includes incorrect file permissions, unpatched operating systems, obsolete versions of software and otherwise unhardened operating systems and applications.
Copyright Violation — last modified 2008-02-25 13:42
Briefly, a copyright regulates the use of a particular expression of an idea or information and may subsist in a wide range of creative, intellectual, or artistic forms or "works". Therefore, a copyright violation is an infringement on those rights.
Flagged by Vulnerability Scan — last modified 2007-07-27 11:28
The host was flagged by the current targeted vulnerability scan.
Intrusion — last modified 2007-07-27 11:28
Unauthorized host access. It can involve compromise of information, use of the host for storage of pirated software or media files, or use of the host for reconnaissance and further attacks.
Malware — last modified 2008-03-21 15:55
Malware refers to computer viruses, worms, Trojan horses, spyware and adware. In other words, it is the category of software created with malicious intent.
Network Scan — last modified 2007-07-27 11:28
Network scans can either take the form of scanning all ports on a host (or a variety of hosts) or specific ports on a variety of hosts. It almost always indicates reconnaissance attempts, often automated. The information is gathered so that targeted attacks may later be launched.
Open Mail Relay — last modified 2007-07-27 11:28
An open mail relay allows email to be passed through it and is often abused for the sending of spam. It tends to be a configuration issue. Review these recommendations when a host has been identified as a possible open mail relay.
Open Proxy — last modified 2007-07-27 11:28
An open proxy is used to disguise the real source of network connections, and often for sending out spam.
Operating system or application vulnerability — last modified 2007-07-27 11:28
A flaw in an application or in the operating system itself permits unauthorized access to data, elevation of privileges, or the remote execution of arbitrary code.
Other — last modified 2007-07-27 11:28
This category is assigned to incidents that are dispatched outside of the normal email channels and is used when several different incident types are combined or when the incident does not fit because it is a completely new type.
Password Compromise — last modified 2008-04-09 14:14
Passwords can be compromised, guessed or revealed in a number of ways.
Physical Intrusion or Theft — last modified 2008-02-25 17:44
Loss, destruction or theft of a network device (including the stored data).
Spam (including Phishing and other spam variants) — last modified 2008-06-16 10:58
Spam is unsolicited email, usually commercial in nature and offering products or dubious "deals".
Spyware — last modified 2007-07-27 11:28
A form of malware.
Trojans — last modified 2007-07-27 11:28
A form of malware.
Viruses — last modified 2007-07-27 11:28
A form of malware.
Stalking, Harassment, Online Fraud and other Criminal Activities — last modified 2007-10-15 11:19
Computing resources are sometimes misused for harassment and stalking. These behaviors may spread beyond cyberspace into "real life" and can be seriously disruptive for the victim. Law enforcement also deals with cases of online fraud and child pornography. Points of contact for filing reports follow.
Webpage Defacement — last modified 2007-07-27 11:28
Webpage defacement occurs when a web page is changed without authorization and generally includes visual damage to the website.
