alt Hacker NewsGreynoise and others have shell companies and spin up exposed infra specifically to pick up scanning activity.
They have them all over the world to get attackers scanning only certain regions etc.
I should also note - I’m extremely skeptical of the OPs claims or inference that the attackers have potentially fingerprinted greynoises sensors. To suggest this while some traffic increased from specific ASN’s seems unlikely that this was the case.
If it’s not clear - this was written by a competitor of theirs.
Replies
ericpauley • today at 4:29 AM
We cannot know for certain what the root cause is. However, honeypot fingerprinting is a well-known risk for any vantage point, particularly a high-profile one.
If you want a disinterested perspective from the Research & Education community, look to CAIDA, the Center for Applied Internet Data Analysis: https://www.caida.org/
Also I just found "Hawkeye" the author of TinyFugue, Ken Keys, employed here! Cool beans!