Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: phishing sites report - March/2005

  • From: Daniel Golding
  • Date: Mon Mar 28 15:21:11 2005

Gadi,

This report isn't terribly useful without the IP addresses (or URLs) in
question. How could an ISP start investigating and/or null routing these
addresses without having the list?

I suppose I'm skeptical because some of those ASNs are not big content
hosters. Some are transit-only ASN's.

Also, if you are using WHOIS to check the IP addresses for their owner, how
are you correlating to ASN? Through an IRR? Or is there a route lookup
somewhere in the mix?

Even if you won't release full data (although I can't imagine why not), you
need to fully disclose the methodology. "Digested" is insufficient when ISPs
and hosters are being called out by name.

- Dan


On 3/28/05 2:19 PM, "Gadi Evron" <gadi@tehila.gov.il> wrote:

> Daniel Golding wrote:
>> Forgive me for being skeptical, but...
> 
> I would prefer you being skeptical. Please don't take my word on any of
> this.
> 
>> How do you come up with these? Are these the direct upstream ISPs of the
> 
> These are the digested results from the reports sent to the malicious
> websites and phishing research and mitigation list.
> 
>> phishing sites or the next hop AS's from your test site?
> 
> Plainly put, these are the results you get when you feed the IP's of the
> hosting web sites to the Cymru whois.
> 
>> Is there a link to the original data?
> 
> Nope. We hope to release more data in our next reports. Please let us
> know what kind of data you'd like available. We'll do our best to
> provide it.
> 
> One of our main goals is public awareness, so we are very interested in
> feedback.
> If you have further questions on the process itself, I'd gladly direct
> you to the guy who actually does the data mining and statistics - but
> the list data itself is not open to the public.
> 
> Gadi.







Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.