Brutkey

hrbrmstr 🇺🇦 🇬🇱 🇨🇦
@hrbrmstr@mastodon.social

There are lots of ways to "do honeypots", and if you'd like to do a bit of what I do on a daily basis (though in a different way) def take a look at this project: https://lightscope.isi.edu/

Clever idea! Decent-ish dashboards.

Do not use the blocklists. Lots of overlaps with our Benign lists.


Buttered Jorts
@ajn142@infosec.exchange

@hrbrmstr@mastodon.social since they explicitly call out ID’ing “malicious” behavior from IPs y’all have classified as “benign” any thoughts on the reason for that difference?

hrbrmstr 🇺🇦 🇬🇱 🇨🇦
@hrbrmstr@mastodon.social

@ajn142@infosec.exchange rly good q. our folks who were at BH/DC met with the dev and we're gonna sync up on the project so I'll report back.

If they're using static "benign" lists, that could be it. We re-verify all benign actor IP lists quarterly, and some actors are dynamic (RDNS, etc) by nature.

Buttered Jorts
@ajn142@infosec.exchange

@hrbrmstr@mastodon.social cool, I figure y’all both have reasons for why you classify the way you do, and it seemed interesting to understand why.