North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: phishing sites report - March/2005
Gadi, This report isn't terribly useful without the IP addresses (or URLs) in question. How could an ISP start investigating and/or null routing these addresses without having the list? I suppose I'm skeptical because some of those ASNs are not big content hosters. Some are transit-only ASN's. Also, if you are using WHOIS to check the IP addresses for their owner, how are you correlating to ASN? Through an IRR? Or is there a route lookup somewhere in the mix? Even if you won't release full data (although I can't imagine why not), you need to fully disclose the methodology. "Digested" is insufficient when ISPs and hosters are being called out by name. - Dan On 3/28/05 2:19 PM, "Gadi Evron" <[email protected]> wrote: > Daniel Golding wrote: >> Forgive me for being skeptical, but... > > I would prefer you being skeptical. Please don't take my word on any of > this. > >> How do you come up with these? Are these the direct upstream ISPs of the > > These are the digested results from the reports sent to the malicious > websites and phishing research and mitigation list. > >> phishing sites or the next hop AS's from your test site? > > Plainly put, these are the results you get when you feed the IP's of the > hosting web sites to the Cymru whois. > >> Is there a link to the original data? > > Nope. We hope to release more data in our next reports. Please let us > know what kind of data you'd like available. We'll do our best to > provide it. > > One of our main goals is public awareness, so we are very interested in > feedback. > If you have further questions on the process itself, I'd gladly direct > you to the guy who actually does the data mining and statistics - but > the list data itself is not open to the public. > > Gadi.
|