Honeypot-type services from Cloudflare or other security groups?
Hi all,

Sorry for formatting errors, on my iPad while I have this thought in my mind.

Does anyone know if any of the security groups or CDNs like Cloudflare have honeypots out there that can be used for analysis of unusual attacks? As in, change the DNS temp for a host and let the honeypot take the brunt of it and hopefully get useful data (even for the benefit of the security company).

Got a situation where I’ve got an abnormally high amount of legit-looking GET requests to an HTTPS git server, but the amount is too high to actually be legit end users or people cloning the repos. The sources are worldwide, distributed, but with the bulk coming from China, Russia, Brazil, and Egypt.

I have some theories and observations that I’d be open to sharing, but preferably not on an open mailing list until I’ve had a chance to have them reviewed by someone with more experience and background.

Thx!

Sent from my iPad
Hi Brielle,

Happy to chat directly — drop me a direct email please?

Thanks,
Justin

_________________
*Justin Paine*
Head of Trust & Safety
PGP: BBAA 6BCE 3305 7FD6 6452 7115 57B6 0114 DE0B 314D
101 Townsend St., San Francisco, CA 94107

On Wed, Mar 11, 2020 at 8:28 AM, Brielle <bruns@2mbit.com> wrote:

> Hi all,
>
> Sorry for formatting errors, on my iPad while I have this thought in my mind.
>
> Does anyone know if any of the security groups or CDNs like Cloudflare have honeypots out there that can be used for analysis of unusual attacks? As in, change the DNS temp for a host and let the honeypot take the brunt of it and hopefully get useful data (even for the benefit of the security company).
>
> Got a situation where I’ve got an abnormally high amount of legit-looking GET requests to an HTTPS git server, but the amount is too high to actually be legit end users or people cloning the repos. The sources are worldwide, distributed, but with the bulk coming from China, Russia, Brazil, and Egypt.
>
> I have some theories and observations that I’d be open to sharing, but preferably not on an open mailing list until I’ve had a chance to have them reviewed by someone with more experience and background.
>
> Thx!
>
> Sent from my iPad
Hello,

Messaged offlist. Thank you!

On 3/11/2020 11:42 AM, Justin Paine wrote:

> Hi Brielle,
>
> Happy to chat directly — drop me a direct email please?
>
> Thanks,
> Justin
>
> _________________
> *Justin Paine*
> Head of Trust & Safety
> PGP: BBAA 6BCE 3305 7FD6 6452 7115 57B6 0114 DE0B 314D
> 101 Townsend St., San Francisco, CA 94107
>
> On Wed, Mar 11, 2020 at 8:28 AM, Brielle <bruns@2mbit.com> wrote:
>
> > Hi all,
> >
> > Sorry for formatting errors, on my iPad while I have this thought in my mind.
> >
> > Does anyone know if any of the security groups or CDNs like Cloudflare have honeypots out there that can be used for analysis of unusual attacks? As in, change the DNS temp for a host and let the honeypot take the brunt of it and hopefully get useful data (even for the benefit of the security company).
> >
> > Got a situation where I’ve got an abnormally high amount of legit-looking GET requests to an HTTPS git server, but the amount is too high to actually be legit end users or people cloning the repos. The sources are worldwide, distributed, but with the bulk coming from China, Russia, Brazil, and Egypt.
> >
> > I have some theories and observations that I’d be open to sharing, but preferably not on an open mailing list until I’ve had a chance to have them reviewed by someone with more experience and background.
> >
> > Thx!
> >
> > Sent from my iPad
--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org / http://www.ahbl.org