This report is a list of all the infected machines, drones, and zombies that we were able to capture through various techniques, including sinkholes operated with partners, darknets, honeypots, IPs from Spam relays and other partner sources. Please note this report will be replaced after by Darknet Events Report, Sinkhole Events Report, Sinkhole HTTP Events Report.

Some of the IPs will have an infection type. As we’ve grown in size, so have our data sets, requiring us to change our storage technology and methodology. We had to make certain changes to the data sets and have required certain output changes, as well.

The IP for the C&C could be a real command and control system that we are (or a partner is) monitoring either directly or passively. It could also be one of the many sinkhole servers that we and our partners operate. If it is a sinkhole server, this means that your IP address reached out and communicated somehow with our server. We cannot issue commands, nor can we control your system from our sinkhole server, since it is a mostly passive capture device. We only harvest the connection information and report it back out.

Why is the C&C set to “0.0.0.0” or blank?

This can occur for several different reasons. We may not have the C&C IP address, depending on the source of the data and the method of tracking. For example, you could have a drone IP labeled as Spam. Since we extracted the last hop from a Spam message, we do not know the controlling source and cannot report it out. In the instances where the capture point was our Sinkhole server, we are the C&C in this instance and there is no reason to include our IPs. If we have the data, we will always include it in the reports. We filter nothing from the data we send out, except to ensure that you receive the data for your responsible area.

What does it really mean when something was tagged as “spam” for a drone?
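An added example (not part of the report documentation above) showing how a recipient might triage report rows whose C&C column is blank or “0.0.0.0”, separating the spam-relay and sinkhole cases the text describes. The CSV layout and column names (`timestamp`, `ip`, `type`, `infection`, `cc`) are assumptions for this example, not the report's actual schema, and the rows are constructed sample data.

```python
import csv
import io
from collections import Counter

# Constructed sample rows in a simplified, assumed drone-report layout.
# The column names are an assumption for this example, not the real schema.
SAMPLE_REPORT = """timestamp,ip,type,infection,cc
2024-01-01 00:00:01,192.0.2.10,sinkhole,conficker,0.0.0.0
2024-01-01 00:00:02,192.0.2.11,spam,,
2024-01-01 00:00:03,192.0.2.12,botnet,zeus,198.51.100.7
2024-01-01 00:00:04,192.0.2.13,sinkhole,,
"""

# Both values mean "no controlling host reported", not a real address.
UNKNOWN_CC = {"", "0.0.0.0"}


def cc_status(row):
    """Classify why the C&C column may carry no usable address."""
    if row["cc"] not in UNKNOWN_CC:
        return "known"
    if row["type"] == "spam":
        # Only the last hop of the spam message was extracted, so the
        # controlling source is not known and cannot be reported.
        return "unknown-spam-relay"
    if row["type"] == "sinkhole":
        # The capture point was the reporting sinkhole itself, whose
        # address is not included in the report.
        return "unknown-sinkhole"
    return "unknown"


def triage(report_text):
    """Parse report rows, annotate the C&C status and count each category."""
    rows = list(csv.DictReader(io.StringIO(report_text)))
    summary = Counter()
    for row in rows:
        row["cc_status"] = cc_status(row)
        # Not every IP carries an infection type; make the gap explicit.
        row["infection"] = row["infection"] or "unspecified"
        summary[row["cc_status"]] += 1
    return rows, summary


if __name__ == "__main__":
    for r in triage(SAMPLE_REPORT)[0]:
        print(r["ip"], r["type"], r["infection"], r["cc_status"])
```

Rows with a known C&C can be correlated against controller infrastructure; the other categories should be worked from the drone IP alone.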