DNS Security - More Details When Domain is "Phishing"


L2 Linker

Hi!

 

I dare say this message probably won't go anywhere, but over the last week a developer at UoP was trying to use factorial-biomechanics.firebaseapp.com which was blocked by "DNS Security" as a phishing site. It has since been re-classified as benign. Presuming it was briefly a phishing site (and if we don't trust Palo Alto's categorisation, why are we customers?), but it was probably a benign site which was compromised and deep away from the real purpose there were phishing objects (which I've seen before).

Now I dare say the answer to these questions is "No", but :-

1. Could some details of the compromised site be made available to customers? As it happens in this case, my customer was in contact with the site developer and could get something done about removing the phishing site.

 

2. Could we get details of what the phishing site was? If I put in an exception for this site (and yes I know how to do that), I'd like to do a proper risk assessment - if for example the phishing site was attempting to get credentials for a Westchester plumbing supplies company, I could make a not unreasonable decision that it was unlikely to cause a problem for our staff/students and put in an exception.

Accepted Solutions

Cyber Elite

@MikeMeredith,

Think of categorizations the same as you would an email gateway marking something as spam or phishing and you'll have a better time. There's a level of scanning and scoring that's at play outside of actual review, false-positive detections will always happen and come into play.

 

1. This is unlikely to ever happen, the same as most security products have never explicitly told anyone their reasoning for marking something as a threat/spam/phishing. Since the site houses a login form it's likely that it was simply miscategorized as phishing and was corrected when someone reported the categorization error. Sometimes if you open a case PAN will actually describe why it's being flagged as it is, but I honestly don't think they're supposed to give customers that information.

 

2. If you put in a ticket you may get an answer, usually if the ticket was on-going and actually makes it higher up the chain. More than likely they'll simply have it recategorized and tell you it was in error. 
