Playbook

Bot Scans And Brute Force Attacks

Use HoneyMesh traps for Behavior-Based Detection, confirm the source context with its fingerprint (JA4 first, JA3 when JA4 is unavailable), then escalate to Kernel-Level Blocking with eBPF/XDP only after allowlist review.

The problem

Bots are scanning services or brute-forcing exposed entry points, and you need behavior-based proof (trap hits, repeated attempts) before you block them.

Operator approach

Start with the documented workflow for the tool, collect evidence, and keep the next step visible before changing settings, blocking traffic, unlocking storage, or transferring sensitive files.

First steps

  1. Review Live Threat Stream event rows for trap hits, repeated attempts, and source behavior
  2. Check IP, port, JA4/JA3, app, session, action, and active-ban status
  3. Apply BLOCK, EXTEND, PERMANENT, RELEASE, or WHITELIST deliberately, based on the evidence gathered in steps 1 and 2
  4. Move to ENFORCE only after allowlist review and share intelligence only through Pro Exchange/trusted mesh when explicitly enabled
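As an added example (not HoneyMesh's own code or event schema), the Python below runs steps 1 to 4 over constructed Live Threat Stream rows: it counts trap hits and repeated failed logins per source, keys the client fingerprint JA4-first with JA3 as the fallback, maps the evidence to one of the playbook's actions, groups sources that share a fingerprint, and gates ENFORCE on a conflict check against a reviewed allowlist. The decoy ports, failure threshold, allowlist, field names, addresses and fingerprint strings are all assumptions.

```python
from collections import defaultdict

# Assumptions (not product settings): decoy ports served by HoneyMesh traps,
# how many failed logins count as brute force, and the current allowlist.
TRAP_PORTS = {2222, 3390, 8081}
FAIL_THRESHOLD = 5
ALLOWLIST = {"10.0.0.5"}
BLOCKING_ACTIONS = {"BLOCK", "EXTEND", "PERMANENT"}

# Constructed values in JA4 / JA3 shape; not observed from real clients.
JA4_TOOL_A = "t13d1516h2_8daaf6152771_e5627efa2ab1"
JA4_TOOL_B = "t13d0312h2_0f4a1c9d2e3b_5a6b7c8d9e0f"
JA4_TOOL_C = "t12d0709ht_1a2b3c4d5e6f_6f5e4d3c2b1a"
JA4_TOOL_D = "t13d1517h2_abcdefabcdef_123456123456"
JA3_ONLY = "e7d705a3286e19ea42f587b344ee6865"


def _row(ip, port, app, action, ban="none", ja4="", ja3="", session="s0"):
    """One constructed event row with the columns the playbook says to check."""
    return {"ip": ip, "port": port, "app": app, "action": action,
            "ban": ban, "ja4": ja4, "ja3": ja3, "session": session}


SAMPLE_ROWS = (
    # five failed SSH logins from one source, each in its own session
    [_row("203.0.113.10", 22, "ssh", "login_fail", ja4=JA4_TOOL_A, session=f"s{i}") for i in range(5)]
    # a second source hitting a decoy port with the same JA4 (same tool)
    + [_row("198.51.100.7", 2222, "ssh", "connect", ja4=JA4_TOOL_A)]
    # two failures from a client that only exposes JA3: below threshold
    + [_row("192.0.2.33", 22, "ssh", "login_fail", ja3=JA3_ONLY) for _ in range(2)]
    # an allowlisted internal scanner hitting a decoy port
    + [_row("10.0.0.5", 8081, "http", "connect", ja4=JA4_TOOL_B)]
    # an already-banned source still reaching a decoy port
    + [_row("203.0.113.44", 3390, "rdp", "connect", ban="active", ja4=JA4_TOOL_C)]
    # a banned source showing only ordinary traffic in this window
    + [_row("203.0.113.77", 443, "https", "connect", ban="active", ja4=JA4_TOOL_D)]
)


def fingerprint(row):
    """JA4-first: prefer JA4, fall back to JA3, otherwise 'none'."""
    if row["ja4"]:
        return "ja4:" + row["ja4"]
    if row["ja3"]:
        return "ja3:" + row["ja3"]
    return "none"


def summarize(rows):
    """Aggregate the step 1 and step 2 evidence per source IP."""
    per_ip = {}
    for r in rows:
        s = per_ip.setdefault(r["ip"], {"trap_hits": 0, "failures": 0, "ban": "none",
                                          "fingerprints": set(), "sessions": set(), "apps": set()})
        if r["port"] in TRAP_PORTS:
            s["trap_hits"] += 1
        if r["action"] == "login_fail":
            s["failures"] += 1
        if r["ban"] != "none":
            s["ban"] = r["ban"]
        s["fingerprints"].add(fingerprint(r))
        s["sessions"].add(r["session"])
        s["apps"].add(r["app"])
    return per_ip


def recommend(ip, s):
    """Map per-source evidence to one of the playbook's actions (step 3)."""
    evidence = s["trap_hits"] > 0 or s["failures"] >= FAIL_THRESHOLD
    if not evidence:
        # a standing ban with no fresh behaviour is a RELEASE candidate for the operator
        return "RELEASE" if s["ban"] == "active" else "OBSERVE"
    if ip in ALLOWLIST:
        return "REVIEW"          # never auto-block an allowlisted source
    if s["ban"] == "active":
        return "PERMANENT" if s["trap_hits"] else "EXTEND"
    if s["ban"] == "expired":
        return "PERMANENT"       # re-offence after a ban lapsed
    return "BLOCK"


def triage(rows):
    return {ip: recommend(ip, s) for ip, s in summarize(rows).items()}


def fingerprint_clusters(rows):
    """Fingerprints seen from more than one IP: one tool behind several sources."""
    ips_by_fp = defaultdict(set)
    for r in rows:
        fp = fingerprint(r)
        if fp != "none":
            ips_by_fp[fp].add(r["ip"])
    return {fp: sorted(ips) for fp, ips in ips_by_fp.items() if len(ips) > 1}


def enforce_ready(decisions, reviewed_allowlist):
    """Step 4 gate: refuse ENFORCE while any blocking action targets an allowlist entry."""
    conflicts = {ip for ip, a in decisions.items()
                 if a in BLOCKING_ACTIONS and ip in reviewed_allowlist}
    return (not conflicts, conflicts)


if __name__ == "__main__":
    decisions = triage(SAMPLE_ROWS)
    for ip, action in sorted(decisions.items()):
        print(f"{ip:15} {action}")
    print("shared fingerprints:", fingerprint_clusters(SAMPLE_ROWS))
    print("enforce ready:", enforce_ready(decisions, ALLOWLIST))
```

The cluster output is the JA4-first context the summary asks for: two addresses sharing one JA4 are one tool, so a single-IP BLOCK is probably too narrow. The last function is deliberately run against the allowlist as it stands after review, not the one loaded at triage time; if review adds an address that the triage already marked for blocking, ENFORCE is refused until the decisions are regenerated.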
