AWS stirs the MadPot – busting bot baddies and eastern espionage

AWS has unveiled MadPot, its previously secret threat-intelligence tool that one of the cloud giant's security execs tells us has thwarted Chinese and Russian spies – and millions of bots. The massive honeypot system has been around since late last decade, and includes tens of thousands of threat sensors monitoring criminals' …

  1. TDog

    False Positives

    "These sensors spot more than 100 million potential threats every day, and some 500,000 of these turn out to be malicious activity." Or 99.5% false positive rate. Now if only we knew the false negative rate...

    1. Peter-Waterman1

      Re: False Positives

      Think since Msft got hacked, the big guys are under pressure to show what they are doing.

  2. Anonymous Coward
    Facepalm

    Chinese and Russian spiebots :o

    You would think these Chinese and Russian spies would learn how to disguise the source IP address /s

  3. Kevin McMurtrie Silver badge

    Odd stats

    What is "malicious?"

    This is a question that plagues many realtime blocklists. Hostile networks will rapidly rotate IP addresses between legitimate and illegal uses to frustrate blocklist users. Spamhaus will stop delistings on chronically dirty networks, making the service notoriously controversial for its false positives. On the flip side, AbuseIPDB will whitelist networks that are often transiently abused. This encourages even more abuse and makes the blocklist entirely useless against transient attacks.

    There are, of course, lots of networks that are 100% hostile and it would be nice if everyone stopped routing their traffic. I'd also be super happy if Amazon could work on their vast network of illegal "affiliate" and "lead generation" customers.

  4. trindflo Silver badge

    *Who* is "malicious?"

    I think we know *What* is malicious: taking something that isn't yours. Whether it be money, a drop-off address, an IP to hide behind, it all boils down to theft. That lumps a lot of information harvesting in the name of advertising activity in with the lot. It is the wild west as to what is acceptable abuse of the commons that are the internet.

    So it is important to provide a way to correct mistakes, but if it is an obvious choice in business practice I don't see why a blocklist or any other gatekeeper shouldn't be draconian. Who cares if you were only a little rotten, or if you've stopped doing it for now; I still don't want you around my kids.

    I wonder if there is sufficient non-advertising business interest in a network to fund something like the internet, but without the nonsense. In that case the entire model would rely on being draconian about who is allowed inside the club. No phishing emails from North Korea - ah, what a dream.
