Real-time network attacks
Jason Belich stashed this in disruption
This represents about 1% of the 74T+ data collected.. and it's artificially delayed about 5-30 minutes. 'Twas sharing it with Adam..... figured I'd share it with everyone... (careful tho, don't leave it on too long unless you have a lot of memory.. it leaks. lol)
they whipped that together after seeing ours at the RSA conference.... they're using 91 honeypot machines (mostly from the honeypot project), we have a number I can't say exactly but in the thousands.... also their false positive rate dwarfs any real data.
Ooooh. I just found this last Friday and shared it with a friend who said it wasn't impressive but didn't specify why. I guess I needed a second opinion.
I'm just in shock that there are so many attacks going on in the world in any given hour...
It's like my eyes were just opened to something hidden in plain sight.
It does not stop... doesn't even slow down... and it's really interesting when the attacks are clearly directed at us (i.e. norse-corp)
Just the other day, someone portscanned the entire IPv4 space in an effort to find our honeypots.. encoded in the packet was an address, which contained a web page taunting _me_ (not by name but the 'web devs' responsible for our 'worst IPs in the world' widget). He did his scan over the course of about 90 seconds... It was an interesting nutshot of data...
I can imagine. There are only 91 honeypots? That seems... low.
I think that's the number of honeypots in Project Honeypot which push their data publicly... it's the number they quote in their press
Oh, ok. That makes more sense.
Still, it's like my eyes are open. So much happening in the world right now.
and oh yeah.. that's 74T collected _each_day_
I cannot imagine the I/O considerations of storing that much data.
I was wrong about the amount of data the map represents: it's actually 0.0122% .... roughly 1 in 8000 events...