Analysis: Find multi-purpose malware
It would be interesting to know if there are any kinds of malware that attack multiple protocols at once. We can go through all the IP addresses we consider bad (for example because of telnet minipots, graylist with high score) and look into other sources (flows, firewall records, other types of minipots) and cross reference them.
This would be nice research to know if there are some things that likely attack multiple things or if there are some more ports/protocols we might have minipots for.