Outcomes
- Evaluate network-layer signals beyond simple IP reputation
- Build a practical IP risk scoring component
Prerequisites
- Sections 1-4 completed
- Comfort reading WHOIS, ASN, and threat intelligence data
Section Breakdown
Lecture 22: IP Reputation & Threat Intelligence Feeds
Break down the value and failure modes of commercial and open-source reputation sources.
Lecture 23: Proxy, VPN & Tor Detection
Measure the strengths and blind spots of common infrastructure attribution methods.
Lecture 24: Datacenter vs. Residential IP Classification
Explain why residential traffic is hard to label and how mixed evidence improves confidence.
Lecture 25: ASN & BGP Analysis — Reading the Routing Layer
Use routing context to understand which providers and networks repeatedly show up in abuse pipelines.
Lecture 26: IPv6, CDN Edge IPs & Spoofing Risks
Handle less familiar address space, shared edge infrastructure, and bad assumptions about origin identity.
Lecture 27: Geolocation Mismatch Detection — When IP Lies
Combine geography with locale, session behavior, and infrastructure hints to detect improbable stories.
Lecture 28: Honeypots — Passive Detection at the Network Layer
Position network-layer honeypots as telemetry sources rather than silver bullets.
Coding Exercise: Build an IP Risk Scoring Module
Implement a scoring module that combines reputation, provider, route, and location evidence into a clear risk output.