We have released our blacklisting feature a while ago and made sure it is fully supported by our Cloud Security API to allow Dome9 users to automate adding suspicious IP addresses to their account-wide blacklist.

Recently, our friend Sebastien @securitygen who runs Security Generation has decided to put the blacklist API to use and connected it to what he calls, The Honeyport.

A honeyport is essentially a simpler version of a honeypot. Whereas honeypots aim to simulate an application or protocol for the attacker to play around with, all the honeyport looks for is a connection from an external party, after which a specific action is performed (usually blacklisting them).

Running this bash script, Dome9 customers could easily trap every attacker who tries to pray on any of their protected servers, and blacklist it on-the-fly.

Here’s a link to the original artical: