[nsp-sec] Suggestion for the phishing URL submit page: Show ASN

[Tim Wilde]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

sthaug at nethelp.no wrote:
| ----------- nsp-security Confidential --------
|
| A quick suggestion for the phishing URL submit page at
|
| 	https://www.cymru.com/reports-cgi/submit_phish.cgi
|
| If the IP address could be shown *with the originating ASN* it would
| be much easier to see at a glance if this URL comes from a system in
| my own AS (I don't necessarily know by heart all the prefixes that we
| announce...)

Steinar,

Thanks for the suggestion!  We don't currently do ASN lookups/processing
in the web CGI, to keep it reasonably lean and fast - that happens later
when the submissions are imported into the actual Daily Reports
database.  We'll take a look at how much of an impact moving this
processing would have, though, since I can certainly see the value -
obviously it's better if you can see "hey, that URL I submitted is mine,
I can kill it!" right away, rather than waiting for the reports to come
through the next day.

For those of you wondering what Steinar is talking about, we have a form
where you can submit verified phishing URLs for inclusion in the Daily
Reports project:

	https://www.cymru.com/reports-cgi/submit_phish.cgi

Simply visit that URL using your NSP-SEC mailing list login and password
(the same login you use to access https://www.cymru.com/nsp-sec/ and
your daily reports data), fill in the form with phishing URLs and
timestamps, and submit it - the data will flow to our internal
processing for inclusion in the next day's Daily Reports.

Regards,
Tim Wilde

- --
Tim Wilde, Manager of Development, Team Cymru
twilde at cymru.com | +1-312-924-4033 | http://www.team-cymru.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIKd/LluRbRini9tgRAqXJAJ0VkP+k0vIZG1sYcUT+HZMzm0ebNwCdHqt9
Jp+vtYVEJiTJPjQchYaC/RU=
=P15a
-----END PGP SIGNATURE-----