The other day Spoonfork and I had a discussion about the Global Watchlist, and we think it can assist network security analysts in certain ways. So Spoonfork started working on it, and here is the first alpha version of the Global Watchlist -
http://watchlist.security.org.my/watchlist
So what's the function of this watchlist anyway? Basically, we pull lists of suspected malicious IPs/net ranges from different sources such as SANS DShield, Arbor ATLAS and so forth, and put all of them in one place. This can assist security analysts during their operations, especially when they need to determine what a certain suspected IP is doing: they can just query the IP at the watchlist link, see if it matches, and identify it quickly.
The reason we put them together is not to eliminate the usefulness of the original sites but to make use of them efficiently (I don't think you will want to go to each original site and query the IP one by one), so it's best to have a global watchlist that pulls everything together and eases the job of the security analyst. In fact, all the credit goes to the original parties, as usual.
A lot of virus/malware researchers rely on VirusTotal, and we think we should have something similar for network security analysts; in fact dakrone will create a module for you to query the IP from NSM Console.
For the moment, you can also query an IP from the command line -
shell>curl http://watchlist.security.org.my/watchlist/show?ip=131.247.1.101 | grep '131.247.1.101'
131.247.1.101,www.emergingthreats.net/rules/bleeding-botcc.rules,botcc,2008-01-31 17:15:55
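The output above is one CSV row per match: entry, source feed, category, timestamp. Filtering it with grep works, but a bare grep treats the dots as wildcards and also matches substrings (131.247.1.1011 would match), and it cannot tell you whether an IP falls inside one of the listed net ranges. The following added example (mine, not part of the watchlist project) parses rows in that layout and does exact and CIDR-aware matching with Python's ipaddress module; the first sample row is the one shown in the post, the rest are constructed.

```python
import csv
import io
import ipaddress
from dataclasses import dataclass

# Constructed sample in the CSV layout returned by the watchlist's show?ip= query:
# entry,source,category,timestamp. The first row is from the post; the others are made up,
# including one malformed row to show that bad feed data does not break the lookup.
SAMPLE_WATCHLIST = """\
131.247.1.101,www.emergingthreats.net/rules/bleeding-botcc.rules,botcc,2008-01-31 17:15:55
198.51.100.0/24,example-feed-a,scanner,2008-01-31 18:00:00
203.0.113.77,example-feed-b,phish,2008-01-30 09:12:00
not-an-ip,example-feed-b,phish,2008-01-30 09:12:00
"""


@dataclass(frozen=True)
class Hit:
    entry: str
    source: str
    category: str
    timestamp: str


def parse_watchlist(text):
    """Parse CSV rows into (network, Hit) pairs; single IPs become /32 (or /128) networks."""
    entries = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 4:
            continue  # blank or truncated row
        entry, source, category, ts = (field.strip() for field in row)
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # skip malformed entries instead of failing the whole lookup
        entries.append((net, Hit(entry, source, category, ts)))
    return entries


def lookup(ip, entries):
    """Return every hit whose IP or net range contains `ip` (exact match, not substring)."""
    addr = ipaddress.ip_address(ip)
    return [hit for net, hit in entries if addr.version == net.version and addr in net]


if __name__ == "__main__":
    table = parse_watchlist(SAMPLE_WATCHLIST)
    for hit in lookup("131.247.1.101", table):
        print(f"{hit.entry} listed as {hit.category} by {hit.source} ({hit.timestamp})")
```

To use it against the live service, feed the body of the curl response into parse_watchlist instead of SAMPLE_WATCHLIST.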
You may notice that we named our global watchlist The Harimau Watchlist. If you don't know what Harimau is, it means Tiger in the Malay language; thanks to Spoonfork for such a creative name ;P
Enjoy ;]
5 comments:
Excellent work guys...
Keep up the contribution towards the world of network security.
May the world be a better place
If the world would be a better place, then we don't need security anymore, which will make us boring :)
Greatly appreciated efforts.
Thank you!
Wow! Top work, guys. Did exactly what it was set up to do. IP in sustained attack identified as phish and b&.
The list looks really interesting.
Would it be possible to get access to it, please?