What is n6?

The n6 platform was created by CERT Polska as a system designed to collect, process and share information about network events and possible security incidents. Over a one-year period, millions of security incidents from Poland as well as from other parts of the world are processed. n6 is fully automatic. Its goal is to deliver large amounts of information about security incidents efficiently, reliably and promptly to the proper entities: network owners, administrators and operators.

Access to the n6 database is free of charge and does not require any sensor to be installed.

Data in n6 comes from various sources and distribution channels delivering information about security events and incidents. The incidents are detected by various systems used by outside entities (such as other CERTs, security institutions, software developers, independent security experts, etc.) and by monitoring systems operated by CERT Polska. The majority of the information is updated daily, and some more often.

Additional information about a client’s network may come as a result of CERT Polska’s operational work. This also applies to information from other entities – a one-time entry or data received from an external source may, with its permission, be added to the system for redistribution purposes.

[Figure: n6 diagram]

n6 can be compared to an incident sorting plant with the n6 engine at its heart. Thanks to a flexible tagging system, incidents can be assigned to specific entities – e.g. based on IP addresses and AS numbers. The collected data is aggregated into a custom-designed package which preserves the original format of the source (each source in a separate file). Additionally, there is an option to deliver other information, e.g. C&C server data, which does not concern the client’s network but which could be used to detect infected computers.
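The sorting step described above can be sketched as follows. This is an added example, not n6's own code: the client names, feed names, event fields and address ranges are constructed for illustration (documentation prefixes and private-use AS numbers).

```python
import ipaddress
from collections import defaultdict

# Constructed client registry: each entity declares its networks and AS numbers.
CLIENTS = {
    "org-a": {"networks": ["192.0.2.0/24"], "asns": [64500]},
    "org-b": {"networks": ["198.51.100.0/25", "2001:db8:1::/48"], "asns": []},
}

# Constructed events from three hypothetical feeds.
EVENTS = [
    {"source": "feed-x", "category": "bots", "ip": "192.0.2.17", "asn": 64500},
    {"source": "feed-y", "category": "scanning", "ip": "198.51.100.200", "asn": 64511},
    {"source": "feed-y", "category": "spam", "ip": "2001:db8:1::25", "asn": 64501},
    {"source": "feed-x", "category": "scanning", "ip": "203.0.113.9", "asn": 64500},
    {"source": "feed-z", "category": "bots", "ip": "not-an-ip", "asn": None},
]

def compile_clients(clients):
    """Parse each client's CIDR strings once, so matching is cheap per event."""
    return {name: ([ipaddress.ip_network(n) for n in c["networks"]], set(c["asns"]))
            for name, c in clients.items()}

def owners(event, compiled):
    """Return the clients an event belongs to, matched by IP prefix or AS number."""
    try:
        addr = ipaddress.ip_address(event["ip"])
    except ValueError:
        addr = None  # malformed address from an upstream feed: fall back to ASN only
    matched = []
    for name, (nets, asns) in compiled.items():
        by_ip = addr is not None and any(
            addr.version == n.version and addr in n for n in nets)
        if by_ip or event.get("asn") in asns:
            matched.append(name)
    return matched

def build_packages(events, clients):
    """Group events per client, then per source, keeping each source separate."""
    compiled = compile_clients(clients)
    packages = defaultdict(lambda: defaultdict(list))
    unassigned = []
    for ev in events:
        names = owners(ev, compiled)
        if not names:
            unassigned.append(ev)  # no registered entity covers this address or ASN
        for name in names:
            packages[name][ev["source"]].append(ev)
    return packages, unassigned
```

Events that match no registered network or AS number (here the address just outside org-b's /25 and the malformed one) end up in `unassigned` rather than being delivered to a wrong recipient.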

The database contains information about the source of the attack: URLs and domains, IP addresses and names of malicious software, as well as other unique information if available.

Examples of catalogues available in the n6 database:
  • malicious URLs
  • malicious software samples and other artifacts
  • infected hosts (bots)
  • C2 servers
  • scan sources
  • DDoS sources
  • bruteforce attack sources
  • hosts in fast flux networks
  • phishing URLs
  • spam sources
  • other information, resulting from CERT Polska's operations

ATTENTION! Because the majority of data comes from external systems, CERT Polska is neither responsible for its quality nor can be held liable for the way data is used by the receiving entity. Data is transmitted unprocessed and may contain false alerts. CERT Polska offers free-of-charge access to data about threats but does not provide consulting services or assistance in interpreting the client’s incidents. Verification of the data is the responsibility of the receiver. Data is distributed with the consent of the entities which detected the incidents. We don’t disclose information about the source unless the source agrees to it.




CERT Polska