Week 2 Docs

  Date Submitted: 12/11/2013
The following is a compiled list of odd network behaviors reported by network engineers and system administrators of Aim Higher College:

1) Network traffic analysis shows that a single host is opening hundreds of SSH sessions to a single host every minute. DDoS

2) Network traffic shows that hundreds of hosts are constantly sending only SYN packets to a single web server on campus. SYN flooding attack

3) A system administrator reports that a single host is attempting to log on to a campus SSH server using a different username and password combination thousands of times per day. Brute Force Attack

4) A new PDF-based exploit is announced that uses a malformed PDF to exploit Windows XP systems. Needs to be patched

5) Spam email is being sent to campus users claiming to be from the campus helpdesk. It asks them to send their username and password to retain access to their email. Spam filters need to be set up, and an e-mail and an announcement need to be made letting staff/students know a fake e-mail is going around

6) A DNS changer malware package. A virus. Need anti-virus/malware software

7) A JavaScript vulnerability is being used to exploit browsers via ad networks on major news sites, resulting in systems being infected with malware. Use an adblocker

8) A zero day vulnerability has been announced in the primary campus backup software’s remote administration interface. Apply the appropriate patch

9) A virus is being sent via email to campus users. Email filtering
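Items 1 to 3 describe three traffic patterns that look alike at first glance but are told apart by who talks to whom and how often. The sketch below is an added example, not part of the original submission: it flags each pattern from normalized event records. The record fields, thresholds, behavior labels and sample addresses are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Thresholds are assumptions for this example; tune them to the network's baseline.
SSH_SESSIONS_PER_MIN = 100  # item 1: sessions one source opens to one host per minute
SYN_ONLY_SOURCES = 100      # item 2: distinct sources sending only SYNs to one server
SSH_FAILS_PER_DAY = 1000    # item 3: failed logins from one source to one server per day

def classify(events):
    """Return sorted (item, behavior, subject) findings from normalized event dicts."""
    sessions = defaultdict(int)  # (src, dst, minute) -> SSH sessions opened
    syn_srcs = defaultdict(set)  # dst -> sources whose handshakes never completed
    fails = defaultdict(int)     # (src, dst, day) -> failed SSH logins
    users = defaultdict(set)     # (src, dst, day) -> distinct usernames tried
    for e in events:
        if e["kind"] == "ssh_session":
            sessions[(e["src"], e["dst"], e["minute"])] += 1
        elif e["kind"] == "syn_only":
            syn_srcs[e["dst"]].add(e["src"])
        elif e["kind"] == "ssh_auth_fail":
            key = (e["src"], e["dst"], e["minute"] // 1440)
            fails[key] += 1
            users[key].add(e["user"])
    found = set()
    for (src, dst, _minute), n in sessions.items():
        if n >= SSH_SESSIONS_PER_MIN:
            found.add((1, "ssh-session-flood", f"{src}->{dst}"))
    for dst, srcs in syn_srcs.items():
        if len(srcs) >= SYN_ONLY_SOURCES:
            found.add((2, "syn-flood", dst))
    for (src, dst, day), n in fails.items():
        # Many usernames separates guessing from one user with a stale password.
        if n >= SSH_FAILS_PER_DAY and len(users[(src, dst, day)]) > 1:
            found.add((3, "ssh-brute-force", f"{src}->{dst}"))
    return sorted(found)

def sample_events():
    """Constructed sample data: three noisy patterns plus benign background."""
    ev = [{"kind": "ssh_session", "src": "10.0.0.5", "dst": "10.0.1.10", "minute": 0}] * 300
    ev += [{"kind": "ssh_session", "src": "10.0.0.8", "dst": "10.0.1.10", "minute": 0}] * 4
    ev += [{"kind": "syn_only", "src": f"10.9.{i // 250}.{i % 250}", "dst": "10.0.2.80"}
           for i in range(400)]
    ev += [{"kind": "syn_only", "src": f"10.0.0.{i}", "dst": "10.0.2.81"} for i in range(3)]
    ev += [{"kind": "ssh_auth_fail", "src": "10.0.0.77", "dst": "10.0.1.22",
            "minute": i % 1440, "user": f"user{i}"} for i in range(2000)]
    ev += [{"kind": "ssh_auth_fail", "src": "10.0.0.9", "dst": "10.0.1.22",
            "minute": 5, "user": "alice"}] * 3
    return ev

if __name__ == "__main__":
    print(classify(sample_events()))
```

The benign background (a handful of SSH sessions, three unanswered SYNs, three failed logins for one user) stays below every threshold and produces no finding.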

