[nsp-sec] Suggestion for the phishing URL submit page: Show ASN
Christoph Sprongl
ch at it-austria.net
Tue May 13 14:45:57 EDT 2008
Maybe it would make sense to get a feed from Paul's castlecops phishing
specific data PIRT?
http://www.castlecops.com/pirt
christoph
> ----------- nsp-security Confidential --------
>
> sthaug at nethelp.no wrote:
> | A quick suggestion for the phishing URL submit page at
> |
> | https://www.cymru.com/reports-cgi/submit_phish.cgi
> |
> | If the IP address could be shown *with the originating ASN* it would
> | be much easier to see at a glance if this URL comes from a system in
> | my own AS (I don't necessarily know by heart all the prefixes that we
> | announce...)
>
> Steinar,
>
> Thanks for the suggestion! We don't currently do ASN lookups/processing
> in the web CGI, to keep it reasonably lean and fast - that happens later
> when the submissions are imported into the actual Daily Reports
> database. We'll take a look at how much of an impact moving this
> processing would have, though, since I can certainly see the value -
> obviously it's better if you can see "hey, that URL I submitted is mine,
> I can kill it!" right away, rather than waiting for the reports to come
> through the next day.
>
> For those of you wondering what Steinar is talking about, we have a form
> where you can submit verified phishing URLs for inclusion in the Daily
> Reports project:
>
> https://www.cymru.com/reports-cgi/submit_phish.cgi
>
> Simply visit that URL using your NSP-SEC mailing list login and password
> (the same login you use to access https://www.cymru.com/nsp-sec/ and
> your daily reports data), fill in the form with phishing URLs and
> timestamps, and submit it - the data will flow to our internal
> processing for inclusion in the next day's Daily Reports.
>
> Regards,
> Tim Wilde
>
> - --
> Tim Wilde, Manager of Development, Team Cymru
> twilde at cymru.com | +1-312-924-4033 | http://www.team-cymru.org/
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
>
>
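The check requested in the thread (show each submitted URL's IP together with its originating ASN, so the submitter sees at a glance whether it is in their own AS) can be sketched as a longest-prefix match. This is an added example, not part of the thread and not Team Cymru's code; the prefix table, the ASNs, `MY_ASN` and the function names `origin_asn` and `annotate` are all constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample data: documentation prefixes (RFC 5737/3849) and
# documentation ASNs (RFC 5398). A real table would come from your own BGP feed.
PREFIX_TABLE = [
    ("192.0.2.0/24", 64500),
    ("198.51.100.0/24", 64501),
    ("198.51.100.128/25", 64500),  # more-specific originated by another AS
    ("2001:db8::/32", 64500),
]
MY_ASN = 64500  # assumption: the submitter's own AS


def origin_asn(ip, table=PREFIX_TABLE):
    """Longest-prefix match: return (asn, prefix) or (None, None)."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, asn in table:
        net = ipaddress.ip_network(cidr)
        if addr.version != net.version or addr not in net:
            continue
        if best is None or net.prefixlen > best[1].prefixlen:
            best = (asn, net)
    return (best[0], str(best[1])) if best else (None, None)


def annotate(url, resolve=None, my_asn=MY_ASN):
    """Annotate one submitted URL with host IP, origin ASN and a 'mine' flag.

    resolve is an optional hostname -> IP callable, injected so the example
    runs offline; hosts that are not IP literals stay unresolved without it.
    """
    host = urlsplit(url).hostname
    ip = None
    if host:
        try:
            ip = str(ipaddress.ip_address(host))
        except ValueError:
            ip = resolve(host) if resolve else None
    asn, prefix = origin_asn(ip) if ip else (None, None)
    return {"url": url, "ip": ip, "asn": asn, "prefix": prefix,
            "mine": asn is not None and asn == my_asn}


if __name__ == "__main__":
    dns = {"login.example.net": "192.0.2.7"}.get  # constructed resolver
    for u in ("http://198.51.100.200/login.php", "http://198.51.100.10/a",
              "http://login.example.net/verify", "http://203.0.113.5/"):
        print(annotate(u, resolve=dns))
```

The more-specific /25 in the sample table shows why the match must be longest-prefix: an address inside another AS's covering /24 can still be originated by your own AS.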