What is n6 ?

n6 - Network Security Incident eXchange is a service where companies and institutions receive information about security problems inside their network infrastructure. We share information about malware infections, hosting of malicious content (e.g. phishing), and exposed applications that are vulnerable.

How n6 works?

Users of the n6 portal have access to events associated with their organization. Additionally, there is a generic feed of malware Command and Control (C2) and phishing sites that can be used for proactive detection of threats.

What are the data sources?

We collect data from publicly available sources (OSINT) and through cooperation with non-profit organizations and commercial entities. n6 also contains data from in-house systems of CERT Polska like: sinkhole, MWDB, Artemis or the list of malicious domains.

What kind of data is available?

n6 processes a few millions of events per day. These events are matched to registered organizations by their IP address or domain. The information available in n6 is grouped into the following main categories:

• Malware infections
• Command and control servers
• Malicious software distribution - URL addresses
• Services that can be abused for DDoS attacks
• Misconfigured services
• Vulnerable services
• Phishing

What are the benefits for organizations registered in n6?

• Organizations that are signed up will receive notifications about events related to their infrastructure.
• Information available in n6 can be used for early detection of threats and security issues.

How to register?

Access to n6 is free of charge. Any organization which has a range of public IP addresses registered can sign up (ownership of the network will be verified in the RIPE database). The registration form is available at: https://n6portal.cert.pl/sign-up