Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: phishing sites report - March/2005

  • From: Gadi Evron
  • Date: Mon Mar 28 15:54:17 2005

Daniel Golding wrote:
Gadi,

This report isn't terribly useful without the IP addresses (or URLs) in
question. How could an ISP start investigating and/or null routing these
addresses without having the list?

I suppose I'm skeptical because some of those ASNs are not big content
hosters. Some are transit-only ASN's.

Also, if you are using WHOIS to check the IP addresses for their owner, how
are you correlating to ASN? Through an IRR? Or is there a route lookup
somewhere in the mix?

Even if you won't release full data (although I can't imagine why not), you
need to fully disclose the methodology. "Digested" is insufficient when ISPs
and hosters are being called out by name.
To answer all your above welcomed questions...
We will release the data we can, sorry.

That said -
We are looking for ways to release the actual IP's (phishing web pages) information in a sort of a blacklisting service. Currently the data is mixed with suspected CP sites and that's a no-no for release.
There are steps to take, and you are right - that's one of them, and perhaps even more important than we currently believe.
As to the usefulness of this particular report, it is about showing the problem, not killing sites.

As to "proving" to the ISP's -
Each of the respected service providers can contact us and get the information directly, and then make up their own minds.

As to the exact methodology used, I'll have to refuse to divulge that information publicly at this time. You don't have to believe the data. You can believe in some of the public names associated with this work.

Statistics may be a "blown out of proportions" word here, as all we do in this particular case is count.

And sorry, we'll keep calling these service providers by name, and "put our money where our mouth is" when they ping us back, like we did with The Planet, PNAP, KrCERT and others on our botnets C&C report. Also, we give credit where credit is due to service providers who show they are serious.

Keep in mind, although we won't go for "amateur" work, this is volunteer work.

:)

Gadi.




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.