In general, my honeypot works perfectly. I was surprised that this week alone I had more than 4,000 requests from a single IP address in France. Everything with different approaches and combinations.
My question:
Should I notify the provider, who can contact the connection owner? Somebody caught a bad zombie.
Or is this done by the team behind the project HaaS?
Of course we are quite well protected with our omnias, but something like that happens to others …
Yes, you can try to notify the provider that you found the behaviour, if they can contact the connection owner, but data, which we’re collecting from Honeypot as a Service is used by the National Security Team of the Czech Republic (CSIRT.cz), which investigate attacks from Czech IP addresses and for attacks from foreign IP addresses our CSIRT.CZ cooperates with other CSIRT teams. The most attacks come from China, we already cooperating with Taiwan and working to establish cooperation with other security teams.
Data is also used by our graylist together with CESNET.cz and NÚKIB, which is the National office of Cybernetics and Information Security.