No. From another thread.... I decided to do a little digging. It appears Norse creates a honeypot to mimic specific network destinations to entice attacks. So, what we're seeing isn't an attack on a 'target' so much as Norse's honeypots being activated.
From their CTO: "We have a very large honeypot, where we have, at any given time, over 5m emulations towards the Internet. Meaning we emulate over 5m users, servers, infrastructures on the Internet. We mimic a bank. We put in place honeypots to mimic Microsoft Exchange servers, Linux systems, ATMs. We try to mimic as much as we can of the infrastructure online to make it look attractive to be attacked."
They also have administrative offices in St Louis and have admitted to having a lot of their honey pot location in the area in press releases.
It would appear I'm on the right track Still, quite odd that this 'security company' isn't able to identify the type of attack against their own honeypots. Or maybe just not willing to put that sort of info public?
Until recently, the whole "unknown" thing seems to be an uncommon occurrence from what I understand, but I'm new to Norse. If that is true, it fit's with the honeypot explanation.
view the rest of the comments →
BeerBaron ago
No. From another thread.... I decided to do a little digging. It appears Norse creates a honeypot to mimic specific network destinations to entice attacks. So, what we're seeing isn't an attack on a 'target' so much as Norse's honeypots being activated.
From their CTO: "We have a very large honeypot, where we have, at any given time, over 5m emulations towards the Internet. Meaning we emulate over 5m users, servers, infrastructures on the Internet. We mimic a bank. We put in place honeypots to mimic Microsoft Exchange servers, Linux systems, ATMs. We try to mimic as much as we can of the infrastructure online to make it look attractive to be attacked."
They also have administrative offices in St Louis and have admitted to having a lot of their honey pot location in the area in press releases.
It would appear I'm on the right track Still, quite odd that this 'security company' isn't able to identify the type of attack against their own honeypots. Or maybe just not willing to put that sort of info public?
deathcomesilent ago
Until recently, the whole "unknown" thing seems to be an uncommon occurrence from what I understand, but I'm new to Norse. If that is true, it fit's with the honeypot explanation.