“Sinkholing” is a technique that intercepts botnet traffic on its way to a Command and Control (C&C or C2) server. It redirects the traffic from its original destination to one specified by the sinkhole owner. We use this technique to observe events. The listed IP addresses are not malicious and do not belong to groups running the botnets. There is no security benefit from blocking these IP addresses in a firewall rule.
In most cases, the destination IP for Compromised System findings on your company is fully visible in the Findings Table. In a small number of cases, we are unable to provide destination IP addresses to our sinkhole due to agreements with Bitsight data partners.
Navigation Options
SPM App: Findings ➔ Findings Table
- Select a company from your Companies List.
- Go to
Vendor Risk ➔ Findings
- Select a company from your Companies List.
- Go to
Client Risk ➔ Findings
- October 28, 2024: Findings Table in the SPM app moved from Risks to Findings section of the menu.
- May 11, 2021: To allow for faster identification of infected machines, destination IP addresses of Compromised System findings for your organization are now unmasked.
Feedback
0 comments
Please sign in to leave a comment.