At Duke, STINGAR has helped to increase the security team’s blocking capabilities from 10 million malicious connection attempts per day to 2 billion per day at the height of the Mirai botnet. The honeypot portion of STINGAR accounts for a significant chunk of these blocks and has also increased the fidelity of what we block, reducing false positives.
We believe that honeypots provide an excellent source of local threat data with a high signal-to-noise ratio. To that end, we forked the ThreatStream Modern Honey Network (MHN) project to create our Community Honey Network (CHN) project, and have been improving it into an easy-to-deploy, flexible honeypot system.
We would love for other universities to join the STINGAR community. We’re looking for:
- Feedback on the setup
- Feedback on options for integrating STINGAR data with your current network blocking infrastructure
- Interest in and willingness to share your honeypot data back to a larger community