TFTP Honey Pot Results: Why Infosec Companies Scan More Than Hackers
TFTP Honey Pot Results
I ran a TFTP honey pot for over a month and was surprised to find that most traffic came from seven infosec companies like Shadow Servers, Censys, and Shodan rather than malicious actors. These organizations regularly probe my server to identify TFTP software or check for vulnerabilities, often using automated scans that mimic real attacks. Despite my excitement about catching bad guys, the data revealed a landscape dominated by legitimate security firms mapping the internet.
"One of the ironies of this experiment is that most of the TFTP traffic comes from infosec companies, not bad guys trying to exploit niche software."