The safety of our clients and the reliability of the services we provide are absolute priorities for our team. We are therefore announcing the release of an in-house solution to prevent malicious activity, also known as unauthorized reconnaissance, against our clients' services hosted by us.
The system consists of the following modules:
- Software router - redirects traffic directed to unused address space to a separate network segment containing a set of traps,
- TCP trap - logs each connection event,
- Log processor - analyzes the meta-information of connections to the TCP trap (source and destination address and port),
- Abuse complaint generator - accepts input from the log processor and notifies responsible parties about a security incident (developed by our technical team and freely available to all).
This architecture, although built from a number of standard and public modules, is quite unique: unlike the alternative approaches used by a number of large hosting providers, the proposed solution is resistant to IP spoofing attacks and therefore will not allow an attacker to forge cases of abuse.
In addition, the system includes a number of algorithms that prevent false positives in cases where a client has, for example, made an error when trying to connect to an existing server.
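The following is an added example, not the provider's own code, of one check a log processor of this kind could apply: a source is reported only when it reaches several distinct trap targets within a short window, so a client retrying one mistyped address is ignored. The log line format, the `WINDOW` and `MIN_TARGETS` values and the function names are assumptions; the page does not describe the actual algorithms.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed correlation window
MIN_TARGETS = 3                  # assumed distinct (dst_ip, dst_port) threshold

# Constructed sample trap log: "timestamp src_ip src_port dst_ip dst_port"
# (documentation address ranges; assumes the trap logs established connections)
SAMPLE_LOG = """\
2024-06-24T10:00:01 198.51.100.7 40112 203.0.113.10 22
2024-06-24T10:00:02 198.51.100.7 40113 203.0.113.11 22
2024-06-24T10:00:03 198.51.100.7 40114 203.0.113.12 22
2024-06-24T10:00:04 198.51.100.7 40115 203.0.113.13 3389
garbage line
2024-06-24T10:05:00 192.0.2.44 51000 203.0.113.10 443
2024-06-24T10:05:03 192.0.2.44 51001 203.0.113.10 443
"""

def parse(log_text):
    """Return (timestamp, src_ip, dst_ip, dst_port) tuples, skipping bad lines."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            events.append((datetime.fromisoformat(parts[0]), parts[1],
                           parts[3], int(parts[4])))
        except ValueError:
            continue  # unparseable timestamp or port
    return events

def find_scanners(events, window=WINDOW, min_targets=MIN_TARGETS):
    """Map each reportable source to all trap targets it touched (evidence)."""
    by_src = defaultdict(list)
    for ts, src, dst, dport in sorted(events):
        by_src[src].append((ts, (dst, dport)))
    reports = {}
    for src, hits in by_src.items():
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if len({t for _, t in hits[start:end + 1]}) >= min_targets:
                reports[src] = sorted({t for _, t in hits})
                break
    return reports
```

The returned mapping is the kind of input an abuse complaint generator would consume: one entry per reported source with the trap targets it connected to.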
2024/06/24 update: We now publish a feed of detected malicious IP addresses to Open Threat Exchange (OTX) here.