Honeypot type services from cloud flare or other security groups?

Brielle bruns at 2mbit.com
Wed Mar 11 18:26:16 UTC 2020


Hello,

Messaged offlist.  Thank you!


On 3/11/2020 11:42 AM, Justin Paine wrote:
> Hi Brielle,
> 
> Happy to chat directly — drop me a direct email please?
> 
> Thanks,
> Justin
> 
> _________________
> *Justin Paine*
> Head of Trust & Safety
> PGP: BBAA 6BCE 3305 7FD6 6452 7115 57B6 0114 DE0B 314D
> 101 Townsend St., San Francisco, CA 94107
> 
> 
> 
> 
> On Wed, Mar 11, 2020 at 8:28 AM, Brielle <bruns at 2mbit.com 
> <mailto:bruns at 2mbit.com>> wrote:
> 
>     Hi all,
> 
>     Sorry for formatting errors, on my iPad while I have this thought in
>     my mind.
> 
>     Does anyone know if any of the security groups or CDNs like
>     Cloudflare have honeypots out there that can be used for analysis of
>     unusual attacks? As in, change the DNS temp for a host and let the
>     honey pot take the brunt of it and hopefully get useful data (even
>     for the benefit of the security company).
> 
>     Got a situation where I’ve got an abnormally high amount of legit
>     looking GET requests to a HTTPS git server, but are too high amount
>     to actually be legit end users or people cloning the repos. The
>     sources are worldwide, distributed, but with the bulk coming from
>     China, Russia, Brazil, and Egypt.
> 
>     I have some theories and observations that I’d be open to sharing,
>     but preferably not on an open mailing list until I’ve had a change
>     to have them reviewed by someone with more experience and background.
> 
>     Thx!
> 
>     Sent from my iPad
> 
> 


-- 
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org    /     http://www.ahbl.org



More information about the NANOG mailing list