I was working on a nostr honeypot which functioned as a (semi) relay and also detection system. I have rules defined in JSON which is working well with weights and scoring, but I realized the short term lift would be to connect to existing relays, perform the correct subscriptions and parse the data for immediate security benefit versus me implanting the NIPs to a relay integrated.
I’m conflicted now if it would be classified as a true honeypot, security flavored relay, or a remote event security scanner.
The end goal is to detect bad actors, compile a list/db, and have relays link to it if they choose.
Ron Stoner
npub1qj…dz44v
2023-02-03 08:40:11
in reply to nevent1q…syth
Author Public Key
npub1qjtnsj6hks7pq7nh3pcyv2gpha5wp6zc8vew9qt9vd2rcpvhsjjqydz44vPublished at
2023-02-03 08:40:11Event JSON
{
"id": "8cae6fceb1e8a592353cd33d93d1e4ebb5a09d87a44171df409a5227da169d36",
"pubkey": "0497384b57b43c107a778870462901bf68e0e8583b32e2816563543c059784a4",
"created_at": 1675413611,
"kind": 1,
"tags": [
[
"e",
"65ab1816a8d7b3e37a92ebd7ddf6cd0179c3aaf9b080633eecb8e09a75fdc34c"
],
[
"e",
"af68f45ce930e8b51902b581069c647dc26769ed0649ac13072eb5c6edc5de7b"
],
[
"p",
"bc05ab3430d068bc0ace29c30e0732e84d64a37fad33da63a23dd31543c9f4ca"
]
],
"content": "I was working on a nostr honeypot which functioned as a (semi) relay and also detection system. I have rules defined in JSON which is working well with weights and scoring, but I realized the short term lift would be to connect to existing relays, perform the correct subscriptions and parse the data for immediate security benefit versus me implanting the NIPs to a relay integrated. \n\nI’m conflicted now if it would be classified as a true honeypot, security flavored relay, or a remote event security scanner.\n\nThe end goal is to detect bad actors, compile a list/db, and have relays link to it if they choose.",
"sig": "b6f9c4c54dd28a4f67ae4f5571d31ffa1bc3382f9384ff21996d599684306d911f78993f076116fb1f4ecf89bd7785ef60df4e2845cbdd797a88cdf91876ff27"
}