[tor-talk] blocking sinkholes and honeypots
scar at drigon.com
Sat Mar 11 11:27:32 UTC 2017
Anyone know about this and how to block it? usually there is a dst_ip
field but not in this case....
infection => 'bots', subtype => 'dorkbot', port => 'tor-node', naics =>
'518210', public_source => 'AnubisNetworks', asn => '209', tag =>
'sinkhole', sector => 'Communications', family => 'dorkbot', sic =>
'737415', sourceSummary => 'Drone Report'
More information about the tor-talk