Using our Collective Intelligence Network Security, or CINS, we can identify several classes of “bad” IP addresses.

IP addresses tend to have certain “personalities.” For example, perhaps a Chinese IP address gains a reputation as a scanner, or maybe a Russian (or American) IP address is prone to attacking remote desktop vulnerabilities. There are IP addresses from all over the world flagged as Command and Control servers for malware botnets.

More than reputation lists, we utilize non-IPS sensor data to examine traffic on unused IPs on all Sentinel IPS protected networks to augment and populate the CINS system. Through analysis and continuous scoring of data, akin to machine learning, our active threat intelligence stream is created.

All of these characteristics  and more play a key role in developing an IP address’ trustworthiness score.

Many years of usage have proven the value of this approach. If you manage an IDS or IPS sensor, or SEIM, regardless of the vendor, you have likely benefitted from an alert or block vis-a-vis the CINS system under the heading of CIarmy, which is now CINS Army.

How do I access CINS Scores?

Today, CINS Scores are only available to Sentinel customers using the Sentinel’s web interface. This may change as the CINS system continues to evolve. Until then, feel free to download the CINS Army List and add a new layer of security to your networks.

  • Privacy Policy
Please Note: As of October 2013, we’ve expanded the reach of this list. What used to be a simple ‘Top 100’ offending IP addresses has now expanded to a list of IP addresses that meet the above criteria. The rationale for both lists is similar, so it should not impact the efficacy of the list. We just wanted everyone to be aware of the change.

[blog number_posts=“5” class=“titleOfContent” id=“titleOfContent”][/blog]