tell me your ip and i will tell you who you are - owaspvaried sophistication owasp 11 ip addresses -...
TRANSCRIPT
![Page 1: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/1.jpg)
Copyright © The OWASP FoundationPermission is granted to copy, distribute and/or modify this document under the terms of the OWASP License.
The OWASP Foundation
OWASP
http://www.owasp.org
Tell Me Your IP and I Will Tell You Who You Are
Noa Bar-Yosef
Sr. Security Strategist
Imperva
www.imperva.com
Oct. 29, 2010
![Page 2: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/2.jpg)
OWASP 2
Agenda
Different attacks, different sources
Applying IP Intelligence – determining what, how and why
Your IP Intelligence toolbox
Summary
![Page 3: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/3.jpg)
OWASP 3
Data At Risk
Total publicly stolen data records by external hackers in the US since 2005.
Source:
http://www.privacyrights.org/ar/ChronDataBreaches.htm#2
![Page 4: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/4.jpg)
OWASP 4
The Value of Data
![Page 5: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/5.jpg)
OWASP 5
The Rise of Industrialized Hacking
Roles Optimization Automation
Researching Vulnerabilities
Developing Exploits
Growing Botnets
Exploiting Targets
Consuming
Direct Value – i.e. IP, PII, CCN
Command & Control
Malware Distribution
Phishing & spam
DDoS
Blackhat SEO
Growing Botnets and Exploiting Vulnerabilities
Selecting Targets via Search Engines
Templates & Kits
Centralized Management
Service Model
![Page 6: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/6.jpg)
OWASP 6
It’s Not Going to Stop
The amount of money rolled in the hacking industry.
Source:
Joseph Menn, Fatal System Error: The Hunt for the New Crime
Lords Who Are Bringing Down the Internet, January 2010
![Page 7: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/7.jpg)
OWASP 7
More Hacking Motivations - Competitors
Data theft
Intellectual property
Company secrets
Business plans
Blackmail
Employee details
Company tradings
DoS
Corporate espionage
![Page 8: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/8.jpg)
OWASP 8
More Hacking Motivation – Nation States
Advanced Persistent Threats (APT)
Politically motivated
Cyber-warfare
Government espionage
When Hactivism Meets Industrialization
Stuxnet?!
![Page 9: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/9.jpg)
OWASP 9
Different Hack Sources – Common Ground
Formalized Attack Tools
Formalized Attack Services
Automation
![Page 10: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/10.jpg)
OWASP 10
The Security Solution
Quickly prevent the “Known Bad”
Focus analysis on the “Unknown Bad”
Mixture of sources
Different threat levels
Varied sophistication
![Page 11: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/11.jpg)
OWASP 11
IP Addresses - First Impression (1)
Connection Aggregators
Large organizations, ISPs
A single IP represents a group of unrelated sources
![Page 12: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/12.jpg)
OWASP 12
IP Addresses - First Impression (2)
Masquerading
Proxies, relays, TOR
The IP address does not represent the true source
![Page 13: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/13.jpg)
OWASP 13
IP Addresses - First Impression (3)
Hopping
Dynamic allocation
Attacker can alternate between addresses during a single session
![Page 14: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/14.jpg)
OWASP 14
IP Addresses – On a Second Look (1)
Persistent connections for home users (Cable, DSL)
65% of dynamically allocated addresses persist for more than a day
15% for more than a week
Source:
http://research.microsoft.com/pu
bs/63680/sigcomm07-
onefile.pdf
![Page 15: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/15.jpg)
OWASP 15
IP Addresses – On a Second Look (2)
Many attacks do not go through aggregators (i.e. home users)
IPv4 is still not exhausted
<15% of available IPv4 addresses were used in Q3 2009
(Akamai)
Only 60% of available addresses are allocated with a growth rate of 11% per year (IP2Location)
Not all hopping activity matters
Usually within the same country or area
IPv6?
![Page 16: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/16.jpg)
OWASP 16
Introducing IP Intelligence
What IP Intelligence is:
Gather information – obtain enough information about individual IP addresses
Analyze retrieved information – analyze what can be used to assist in security decisions and influence them
Apply Intelligently - apply the information in automated decision engines or manual forensic analysis
![Page 17: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/17.jpg)
OWASP 17
Gathering IP Information
Inherent Information
Type of allocation (Dynamic/ Static)
Ownership (ISP/ Individual)
Geo Location
Reputation-based
Known infections
Reported nefarious behavior
![Page 18: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/18.jpg)
OWASP 18
Aspects of IP Intelligence
Geo Location
Connection and AllocationAttributes
Thwarting masquerading
Reputation
![Page 19: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/19.jpg)
OWASP 19
Geo Location - What
Assign a physical geographical location to a network address
Different levels of granularity
Country (usually reliable)
City (“Greater Area”)
POP
![Page 20: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/20.jpg)
OWASP 20
Geo Location – How (1)
Explicit Registrar Information
Network Analysis
Route
Timing
![Page 21: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/21.jpg)
OWASP 21
Geo Location – How (2)
Degree of Accuracy
![Page 22: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/22.jpg)
OWASP 22
Geo Location – Why (1)
Business Logic Attacks
Unexpected geographic locations
Functionality limitations
EU regulations restrict access of personal information from outside the EU
![Page 23: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/23.jpg)
OWASP 23
Geo Location – Why (2)
Fraud Detection
Unusual geographic locations
Simultaneous access from different locations
Account differences
Physical location
Shipping
Billing
![Page 24: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/24.jpg)
OWASP 24
Geo Location – Why (3)
Analyze distributed attacks
Manually or automatically
Examples:
Scalping Attack
Comment Spam
![Page 25: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/25.jpg)
OWASP 25
Geo Location – Why (4)
Influence Fuzzy Decisions
Flag as: suspicious, malicious or benign
May require further investigation
Adaptive authentication
Reduced functionality
![Page 26: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/26.jpg)
OWASP 26
Connection and Allocation - What
Allocation
Dynamic
Static
Connection
Dial-up
Cable
T1
Speed
![Page 27: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/27.jpg)
OWASP 27
Connection and Allocation - How
Network Analysis
Route
Timing
![Page 28: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/28.jpg)
OWASP 28
Connection and Allocation – Why
Dynamic allocations are usually not servers
According to Microsoft the vast majority (96%) of SMTP traffic originating from dynamically allocated addresses is spam.
Dynamic allocations are usually not aggregators
Easier to detect brute force attacks
Expected application events rate is low
Regardless of connection speed
![Page 29: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/29.jpg)
OWASP 29
Thwarting Masquerading - What
Identify attackers hiding their true source
Hiding places
Network relays (SOCKS Proxy)
Anonymous proxies
TOR network (Onion routers)
![Page 30: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/30.jpg)
OWASP 30
Thwarting Masquerading – How (1)
Blacklist known IP masquerading addresses
TOR servers
Anonymous proxy computers
![Page 31: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/31.jpg)
OWASP 31
Thwarting Masquerading – How (2)
Detect discrepancies between information implied by IP address and the actual request
“Accept Language”
Value is local (en-us) but address is foreign
Value is foreign but address is local
Response time
In accordance to what is implied by location
Abnormal path
Analyze BlueCoat headers
![Page 32: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/32.jpg)
OWASP 32
Thwarting Masquerading – Why
![Page 33: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/33.jpg)
OWASP 33
Reputation – What (1)
Listings of IP addresses with bad reputation
Compromised servers
Botnet C&C servers
Infected servers
Infected computers
Active spam sources
Crawlers
…
![Page 34: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/34.jpg)
OWASP 34
Reputation – What (2)
Listings of IP addresses with impeccable reputation
Legitimate search engine bots
Aggregators (Akamai, Limelight)
![Page 35: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/35.jpg)
OWASP 35
Reputation – How
“Real-time” feeds for blacklists
Information should be updated and queried with high frequency (at least hourly)
Aging mechanisms must be applied
Honeypots
Community effort
Dynamic Allocation
Usually static for days
![Page 36: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/36.jpg)
OWASP 36
Reputation – Why (1)
Form spam / Comment spam
Identify potentially vulnerable resources
Block access by known active spamming sources
Business Logic Attacks
Reduced functionality for known infected sources
Require extended authentication
![Page 37: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/37.jpg)
OWASP 37
Reputation – Why (2)
Automation
Challenge for anti-automation
Block active attack sources
0-days can be blocked based on who is actually using them.
![Page 38: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/38.jpg)
OWASP 38
IP Intelligence Tools
![Page 39: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/39.jpg)
OWASP 39
Geo Location Tools (1)
Two major form factors
Online service
Forensic analysis
Non-stream applications (email)
e.g. Quova
On-premise database with API
Online security decisions
e.g. Maxmind
![Page 40: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/40.jpg)
OWASP 40
Geo Location Tools (2)
Different levels of granularity
Connection and allocation
Proxy detection
![Page 41: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/41.jpg)
OWASP 41
Reputation Data (1)
Multiple providers
Different data sets and information
Specialize towards specific type of malicious activity
Spam
Botnet
…
Data provided in various forms
Web Service
Incoming feed
On premise database/ appliance shielded by an API
![Page 42: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/42.jpg)
OWASP 42
Reputation Data (2)
Various data attributes
Raw data – use with discretion
Processed data
Gradual score
Data includes various indicators
A measurement for intensity of malicious activity
Activity duration information (last seen, first seen, etc.)
![Page 43: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/43.jpg)
OWASP 43
Reputation Data (3)
Non-commercial sources
Dshield (www.dshield.org)
ShadowServer (www.shadowserver.org)
![Page 44: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/44.jpg)
OWASP 44
Reputation Data (3)
Commercial providers
Verisign (iDefenceLabs)
RSA
McAfee (TrustedSource)
CommTouch
ThreatMetrix
Cyveillance
Unspam
![Page 45: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/45.jpg)
OWASP 45
Putting It All
Together
![Page 46: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/46.jpg)
OWASP 46
IP Intelligence – Step #1
Incorporate IP Intelligence into your security process
Geo Location as a forensic tool
Incorporate Geo Location into many frameworks
Supported by log aggregators
SIEMs can be customized
![Page 47: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/47.jpg)
OWASP 47
IP Intelligence – Step #2
Integrate with IP reputation services at different points
Some vendors (FW, WAF) offer it
Some reputation vendors offer their own independent solution
Most email protection solutions already have their integration out of the box
![Page 48: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/48.jpg)
OWASP 48
IP Intelligence – Step #3
Evaluate which vendor provides the most suitable solution for you
Form factor
High speed streaming
Manual forensic process
Focus of data
Spam
Web attacks
Bot infection
Data attributes
Raw data
Processed, scored feed
![Page 49: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/49.jpg)
OWASP 49
IP Intelligence – Summary (1)
Changes in threatscape make the use of IP Intelligence valuable for detecting and mitigating attacks.
Quickly identify known bad and keep your focus on complex issues
Mitigate 0-day attacks before they are well-analyzed and have specific protection
Fight online fraud with tools that help evaluate transactions and user behavior.
![Page 50: Tell Me Your IP and I Will Tell You Who You Are - OWASPVaried sophistication OWASP 11 IP Addresses - First Impression (1) Connection Aggregators Large organizations, ISPs A single](https://reader036.vdocument.in/reader036/viewer/2022071212/60245e3f68bc550c224b63dd/html5/thumbnails/50.jpg)
OWASP 50
IP Intelligence – Summary (2)
Commercial tools of various shapes and different purposes are available
Some are forensic analysis-oriented. Others can integrate with online security devices
Some vendors provide packaged solutions