Gathering information
Abuse.net - mail relay testing service
Abuse.net provide an experimental mail relay testing service. Unlike ORDB, the abuse.net service allows registered users to see the full headers of mail relayed through the tested host. This may be useful to CSIRTs for testing hosts within their constituency where they should be able to require that the system owner take steps to prevent abuse of their system.
AbuseHelper
AbuseHelper is toolkit for CERT and Abuse teams. It is a modular, (hopefully) scalable and robust framework to help you in your abuse handling. With Abuse Helper you can retrieve Internet Abuse Handling related information via several sources, you can then aggregate that information based on different keys, such as AS numbers or country codes and send out reports in different formats, via different transports and using different timings.
allwhois
Allwhois provides a meta-whois interface to search for nic database entries for a given domain name. (Popup banners!)
Assuria Auditor
Assuria Auditor provides deep configuration and vulnerability scanning, inventory reporting, compliance assessment and powerful change detection through an extensible and flexible architecture. It provides vital information assurance and protection for critical business servers and helps maintain systems in a secure ‘known state’. Assuria Auditor utlises a comprehensive built-in Knowledge Base of known security vulnerabilities, security control configurations, up to date patch checks and security best practice information to enable organisations to easily bring their IT infrastructures up to high standards of security, especially servers. Internal IT security knowledge or experience is not necessary, because the built-in Assuria Auditor knowledge base includes not only the thousands of individual checks for a wide range of operating platforms, but also explanations of the implications of each vulnerability and step by step instructions on remediation.
BGP Ranking
BGP ranking is a free software and free services to calculate the security ranking of Internet Service Provider (ASN).
Bogon Reference
A bogon prefix is a route that should never appear in the Internet routing table. A packet routed over the public Internet (not including over VPNs or other tunnels) should never have a source address in a bogon range. These are commonly found as the source addresses of DDoS attacks. We have attempted to make the task of maintaining bogon filters simpler for network operators by providing a wide range of formats and methods through which you can receive this data, which are all updated on the same interval, and based on the authoritative sources of the data (the relevant RFCs, the IANA IPv4 allocation list, and RIR data). Changes in all of these sources are constantly monitored and quickly reflected within the documents we provide. Bogon tracking and alerting is currently available through HTTP, BGP Peering, Routing Registries (RADb and RIPE NCC) and DNS.
NOC search list
This site provides a service to search for an NOC (network operation center) contact informations in their database. Own NOC informations can be submitted. The list is searchable or can be viewed as a whole. In addition to "whois" this site can be very useful for CSIRTS while doing incident handling.
Open Resolver Report
Regular reports of open resolvers within your BGP ASN or CIDR netblock, provided as service by Team Cymru.
traceroute-circl
traceroute-circl is an extended traceroute to support the activities of CSIRT (or CERT) operators. Among other things it allows to display abuse and contact for each hop, display CIRCL BGP Ranking services (experimental), it can highlight specific country to match CSIRT's constituency, output RBL entries for each hop, output Google Maps traceroute (e.g. a sample output ) and show ASN origin from RIPE RIS and origin.asn.cymru.com sources.
