nanog mailing list archives
Re: Honeypot type services from cloud flare or other security groups?
From: Justin Paine via NANOG <nanog () nanog org>
Date: Wed, 11 Mar 2020 17:42:32 +0000
Hi Brielle, Happy to chat directly — drop me a direct email please? Thanks, Justin _________________ *Justin Paine* Head of Trust & Safety PGP: BBAA 6BCE 3305 7FD6 6452 7115 57B6 0114 DE0B 314D 101 Townsend St., San Francisco, CA 94107 On Wed, Mar 11, 2020 at 8:28 AM, Brielle < bruns () 2mbit com > wrote:
Hi all, Sorry for formatting errors, on my iPad while I have this thought in my mind. Does anyone know if any of the security groups or CDNs like Cloudflare have honeypots out there that can be used for analysis of unusual attacks? As in, change the DNS temp for a host and let the honey pot take the brunt of it and hopefully get useful data (even for the benefit of the security company). Got a situation where I’ve got an abnormally high amount of legit looking GET requests to a HTTPS git server, but are too high amount to actually be legit end users or people cloning the repos. The sources are worldwide, distributed, but with the bulk coming from China, Russia, Brazil, and Egypt. I have some theories and observations that I’d be open to sharing, but preferably not on an open mailing list until I’ve had a change to have them reviewed by someone with more experience and background. Thx! Sent from my iPad
Current thread:
- Honeypot type services from cloud flare or other security groups? Brielle (Mar 13)
- Re: Honeypot type services from cloud flare or other security groups? Justin Paine via NANOG (Mar 13)