The SISSDEN sensor network is composed of VPS provider hosted nodes (procured at a cost from the VPS providers) and nodes donated to the project by third-parties acting as endpoints. These VPS nodes are not the actual honeypots themselves. Instead, they act as transparent layer 2 tunnels to the SISS...
For the last couple of years, T-Pot, the docker-based open source honeypot platform developed by our partner Deutsche Telekom (DTAG), has evolved into one of the most successful honeypot platforms, not on...
Reflective Amplification Denial-of-Service attacks continue to be a serious threat. We measured roughly 10,000 attacks per day in a post last year, and the numbers have not gone down since: In the first two months of 2019 our honeypot network already saw...
The primary data collection mechanism at the heart of the SISSDEN project is a sensor network of honeypots. The sensor network is composed of VPS provider hosted nodes and nodes donated to the project by third-parties acting as endpoints. These VPS nodes/endpoints are not the actual honeypots themse...
The primary objective of the SISSDEN project is to offer National CERTs, ISPs and network owners free reports on malicious activity detected on their networks. This is achieved through the establishment of a network of honeypots.
As of the 20th of December 2018, SISSDEN is offering 5 new report ty...
The primary objective of the SISSDEN project is to offer National CERTs, ISPs and network owners free reports on malicious activity detected on their networks. One of the methods data is collected is through darknets, also known as network telescopes. Darknets are unused sets of IP addresses, which...
The SISSDEN team is happy to announce that the Customer Portal has been opened to the public since mid-October 2018. This portal aims to provide access to the data sets, applications, and APIs resulting from the SISSDEN platform. It is linked to the SISSDEN website via a button in the banner:
The primary objective of the SISSDEN project is to offer National CERTs, ISPs and network owners free reports on malicious activity detected on their networks. In SISSDEN, collection of this type of information is achieved primarily through honeypots. One of these honeypots is dedicated towards the...
The primary objective of the SISSDEN project is to offer National CERTs, ISPs and network owners free reports on malicious activity detected on their networks. This is achieved through the establishment of a network of honeypots. One of these honeypots emulates ICS protocols, such as modbus or s7com...
The primary objective of the SISSDEN project is to offer National CERTs, ISPs and network owners free reports on malicious activity detected on their networks. This is achieved through the establishment of a network of honeypots. One of these honeypots is dedicated toward observing HTTP scanning act...
Lately we have seen quite a lot of reports claiming that the Google (8.8.8.8) and Cloudflare (1.1.1.1) DNS servers are under DoS attack. For instance, @GossiTheDog reported that he noticed an attack destined for 1.1.1.1 in Qihoo 360 feeds. Then, @yiminggong from 360 Netl...
Amplification DDoS attacks are one of the most prevalent forms of denial-of-service attacks. This type of reflective denial-of-service attack abuses two flaws in core networking protocols:
T...
BGP re-announcements and DDoS
By tracking the BGP announcements of large peering providers, we were able to identify what resembled a highly congested link in a backbone network, something that normally triggers BGP route flaps and session drops.
Monitoring the sudden increase of BGP rou...
Some time ago we wrote about Satori botnet fingerprinting. In that post, we fingerprinted more than half a million infected machines. However, Satori's C2 was quickly sinkholed by the security community.
Not so long ago, 360Netlab informed the world about Sator...
On 4 February 2018, 360Netlab informed the world about ADB.Miner, an Android botnet spreading in a worm-like fashion. ADB.Miner activity started on 3 February and it continues. On 6 February, 360Netlab provided another blog post with more details.
Some basic facts about the...
SMTP (Simple Mail Transfer Protocol) is one of the most widely used protocols and is the standard protocol for electronic mail transfer. As it is very common and almost every computer user has at least one email address, SMTP traffic is full of unsolicited messages (spam). There are many negative aspects connected wi...
In this post, we are introducing our early observations on a new version of the Satori botnet (Mirai variant). Data used for the analysis was extracted from the NASK darknet.
05.12.2017 03:57 UTC – 360 Netlab noticed a new uptick in the Satori activity. Some facts derived from the 360 Netlab pos...
The primary objective of the SISSDEN project is to offer National CERTs, ISPs and network owners free reports on malicious activity detected on their networks. This is achieved through the establishment of a network of honeypots. One of these honeypot type sensors is dedicated towards detecting SSH...
SISSDEN will be presenting at the CTI-EU Bonding EU Cyber Threat Intelligence event in Rome, 30th & 31st October 2017. Within the CTI capabilities, skills, education and training and research segment, SISSDEN will present the motives of the project and its early results.
The event w...