Google's Safe Browsing Alerts for Network Administrators
I want to make this forum aware of Google's "Safe Browsing Alerts for Network Administrators" (https://www.google.com/safebrowsing/alerts/). I've had a link to their diagnostic page for several years (https://www.google.com/safebrowsing/diagnostic?site=AS:####&hl=it-it, where #### is your ASN), but I didn't know that Google actually had a way to alert ASN owners of new incidents. I checked NANOG's archive and haven't ever seen it mentioned, so I thought there might be more like me that weren't aware.
And while I'm on the subject, I want to make people aware of a somewhat related service by ShadowServer (https://www.shadowserver.org/wiki/pmwiki.php/Involve/GetReportsOnYourNetwork).
Frank
My problem with Google's "Safe Browsing" alerts is that from the admin side they rarely are useful/useable. They make a big loud noisy complaint without ANYTHING to substantiate what the issue is to correct it. You're left searching your own site trying to figure out what in the heck it's complaining about.
On Thu, Jan 8, 2015 at 3:54 PM, Frank Bulk <frnkblk@iname.com> wrote:
-- "Genius might be described as a supreme capacity for getting its possessors into trouble of all kinds." -- Samuel Butler
I've had my team report false-positives with the Safe Browsing reports as well.
On 9/01/2015 2:37 p.m., Michael Loftis wrote:
I've not found it very useful. As for Shadowserver.org I really wish folks trying to save the internet from mis-configurations would stop randomly scanning networks to fix. These folks are one of many "do-gooders" that are adding to the traffic being dropped and logged. It's only contributing to the daily clutter of problem folk already poking and prodding.
Regards,
-Joe
On Thu, Jan 8, 2015 at 5:54 PM, Frank Bulk <frnkblk@iname.com> wrote:
Thanks for that feedback on Google’s Safe Browsing Alerts. We’ll have to see how that works out for us over time.
In regards to ShadowServer, I don’t think they’re randomly scanning networks, and neither are folks like OpenResolver – I think it’s pretty systematic, albeit from perhaps only a certain point of view on the Internet. If their scans are being dropped and logged, that’s great – that means someone has measures in place to mitigate attacks that leverage those UDP protocols. But for those who use their output to better secure their own and clients’ endpoint devices, it’s much appreciated. If it’s really just a drop in the ocean, what does it matter to you?
Frank
From: Joe [mailto:jbfixurpc@gmail.com]
Sent: Monday, January 12, 2015 10:39 AM
To: Frank Bulk
Cc: nanog@nanog.org
Subject: Re: Google's Safe Browsing Alerts for Network Administrators
Hat: open.*project person..
With the complaints we get often the people aren't properly secured, they are just seeing the noise in their logs or they just started logging. We often get more complaints after the first six months as someone says "oh hey, we updated our IPS and now see the NTP traffic that we didn't see in 2000-2015, let's complain about it". It's good they have visibility now but most people don't get the true issue or impact, and don't even appreciate it when they are on the receiving end of a 100-250Gb/s attack from these services.
Take a moment to read the Christian Rossow paper called "Amplification Hell". While amplifiers are only a part of the equation, the trend of fixes is important to track so people understand the state of the fixes.
Jared Mauch
On Jan 12, 2015, at 1:38 PM, Frank Bulk <frnkblk@iname.com> wrote:
participants (5)
- Frank Bulk
- Jared Mauch
- Joe
- Mark Foster
- Michael Loftis