Wednesday, July 13, 2011

Threat Intelligence via Sinkholes

Over the last few months I've been seeing more and more folks pimping botnet victim intelligence feeds. Despite the obvious flaws in these feeds, subscriptions are going up, even though most folks don't really understand how to use the intelligence.

Just about all the data being sold is harvested from sinkholes - which happens to be a rather crap way of gathering that kind of information. There are all kinds of limitations to the way the intelligence can be employed - especially from a protection perspective.

By way of education, I've pulled together a post covering the problems with sinkhole-harvested data - from both technology and legal/ethical perspectives.

You can find the posting at the Damballa site - http://blog.damballa.com/?p=1342