I agree! It’s regex for the proof of concept, but I plan to add the code I have in my spam detector tool to the honeypot for burst messages/other attacks and then add further detection at the packet level.
Discussion
When talking about packet level is that IP of poster and things like that ?
Somewhat - I can already pull connecting IP and headers for the relay web socket connection easily. I’m talking more about dissecting the packet contents themselves versus using regex to parse the json payload.