The Google/Arbor Digital Attack Map[1] provides a similar view based on data from 270+ ISPs around the world. Hovering over an attack shows details, and sliding the timeline indicator to dates in the past lets you view some very large attacks (>400 Gb of attack traffic). [1] http://www.digitalattackmap.com/
Couldn't find much information about that visualisation, so I have to wonder - what kind of traffic do they count? Is it only showing detected known/assumed attacks? Or does it count all connections? (i.e. does it include scans, or not) If it includes scans - I'm surprised how few there are. (that's about as many as you'd get on 5 randomly created VMs) If it doesn't - I'm surprised how many active attacks there are.
"The Norse live attack map is a visualization of a tiny portion (<1%) of the data processed by the Norse DarkMatter™ platform every day." http://www.norse-corp.com/
Does anyone know why so relatively many attacks come from the Netherlands? After running this for about 5 minutes it is the number one origin of attack at the moment.
There is fairly rampant infection of something which uses port 21230 for its activities. I use the port numbers and verify that my iptables aren't passing any of them, which is generally useful. And it is interesting to see the ones being "attacked" (as in people trying to either open them or send data to them via UDP)
Could they effectively DoS the IPs on the blacklist[1] and still play good defense? 1. http://www.norse-corp.com/darklist.html