Norse Attack Map

I&#x27;ve seen maps like this discussed[0] on &#x2F;r&#x2F;netsec&#x2F; and other similar forums and from my understanding, they are mostly useless. It&#x27;s aggregates some data to make a very pretty site, but doesn&#x27;t really give you anything actionable. Normally you need to run it through real monitoring tools with various thresholds configured so you can alert the proper teams to act when something odd is going on.<p>[0] <a href="http:&#x2F;&#x2F;www.reddit.com&#x2F;r&#x2F;netsec&#x2F;comments&#x2F;2xuai9&#x2F;pewpew_your_very_own_ip_attack_map_with_d3js&#x2F;" rel="nofollow">http:&#x2F;&#x2F;www.reddit.com&#x2F;r&#x2F;netsec&#x2F;comments&#x2F;2xuai9&#x2F;pewpew_your_v...</a>

With a title like that, I was at first expecting to see a map of coastal attacks against northern Europe.

This map has much better pew pew sounds: <a href="http:&#x2F;&#x2F;threatbutt.com&#x2F;map&#x2F;" rel="nofollow">http:&#x2F;&#x2F;threatbutt.com&#x2F;map&#x2F;</a>

Thought it was a video game. Tried shooting back at China.

Are there any open source map platforms like this for integrating into real time data feeds (i.e. if we want to track sales by region etc...) onto a map?<p>I know about <a href="http:&#x2F;&#x2F;cesiumjs.org&#x2F;" rel="nofollow">http:&#x2F;&#x2F;cesiumjs.org&#x2F;</a> but it was extremely resource intensive heavy last time I tried to use it.<p>EDIT: it looks like they use <a href="http:&#x2F;&#x2F;leafletjs.com&#x2F;" rel="nofollow">http:&#x2F;&#x2F;leafletjs.com&#x2F;</a> -- looks interesting

Seems like China needs to go to internet time-out.

what is norse, and why does it hate st. louis?

If Norse wanted to make this data useful, they&#x27;d present it as a CSV, too. How else could I determine if one entity owns all the St. Louis targets??? :)

The company that runs this attack map published a blog post about China yesterday.<p><a href="http:&#x2F;&#x2F;darkmatters.norsecorp.com&#x2F;2015&#x2F;07&#x2F;07&#x2F;chinas-new-security-law-is-retort-for-u-s-sanctions-policy&#x2F;" rel="nofollow">http:&#x2F;&#x2F;darkmatters.norsecorp.com&#x2F;2015&#x2F;07&#x2F;07&#x2F;chinas-new-secur...</a><p>[EDIT: removed &#x27;unflattering&#x27;.]

Their homepage says &quot;Norse Tracks over 200,000 tor exit nodes&quot;. Tor metrics [1] says there exist 1,000 ish Tor exit nodes. So is Norse&#x27;s statement a blatant lie?<p>[1] <a href="https:&#x2F;&#x2F;metrics.torproject.org&#x2F;relayflags.html" rel="nofollow">https:&#x2F;&#x2F;metrics.torproject.org&#x2F;relayflags.html</a>

I don&#x27;t know much about network security. Is there a difference between the kind of attacks that would be caught by honeypots vs targeted attacks? Do these statistics depend heavily on how they setup their honeypots, which I assume is limited by the company&#x27;s logistics.

How do they collect this data?

Not sure how they are getting their attack data. Especially since they are classifying shodan as an &quot;attacker&quot;

interesting that attacks come directly from China instead of say some botnets distributed around the world.

This is more of a sales pitching device (and it&#x27;s a nice one) than a useful tool

What about that spot mid Russia which just pulsates? attacking itself?

I expected Russia to be active.