Home | Blog | Software | Reviews and Features | Forum | Help | Donate | About us
topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • December 10, 2016, 10:35:27 AM
  • Proudly celebrating 10 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Project Honeynet's HoneyMap displays cyberattacks in real time  (Read 6613 times)

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,768
    • View Profile
    • Donate to Member
Project Honeynet's HoneyMap displays cyberattacks in real time
« on: October 05, 2012, 09:20:34 AM »
This is pretty interesting. Project Honeynet has just put up a realtime visualization of cyberattacks on locations which are hosting one or more of the project's passive sensor tools. The visualization doesn't necessarily show "targeted" (i.e. human directed against a specific target) attacks. But it does show suspicious scanning and other activities detected by their sensors. Most are likely to be automated vulnerability scans. But it does provide a sense of just how prevalent vulnerability probing is considering the relatively small number of networks that are involved with Project Honeynet compared to the total number of networks out there.

Check out their website for full details.

Link to Project Honeynet homepage here.

Direct link to the HoneyMap is here.

Here's a screenshot taken around 10:15 EST.

honeynetMap.pngProject Honeynet's HoneyMap displays cyberattacks in real time


Quote
The HoneyMap shows a real-time visualization of attacks against the Honeynet Project's sensors deployed around the world. It leverages the internal data sharing protocol hpfeeds as its data source. Read this post to learn about the technical details and frequently asked questions. Before going into explanations, take a look at the map itself: map.honeynet.org!

We have seen attack visualizations for quite some time in various forms and availabilities. So far, we only had a GTK canvas based solution and a project around Google Earth and WebGL that would show attacks against our honeypot systems. The most awesome related projects are coming from our Australian folks (thanks Ben) - make sure to take a look at their site.

Despite earlier nice approaches, a pure web based one that could easily be shared was not existing. With better abstractions, more libraries and cool HTML5/CSS3 stuff becoming available for web browsers, Florian decided to try a similar visualization that could be made available as a service without any setup requirements. After the first initial proof-of-concept code, we decided to throw some real data onto the map.

Internally, the Honeynet Project uses hpfeeds for collecting data from honeypots and sharing it across different analysis components and data storage setups. Thus, we added hpfeeds support to our map back-end and translated all IP addresses of our events to geographic locations through the MaxMind IP geolocation. After a short while we had a real-time event visualization that used our already existing honeypot data - and it looked awesome!

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,220
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: Project Honeynet's HoneyMap displays cyberattacks in real time
« Reply #1 on: October 05, 2012, 09:40:39 AM »
That's really cool. Sad that it's needed, but still pretty cool.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,296
    • View Profile
    • www.StoicJoker.com
    • Donate to Member
Re: Project Honeynet's HoneyMap displays cyberattacks in real time
« Reply #2 on: October 05, 2012, 11:27:05 AM »
That would be a great visual for a client that didn't think hacking was real problem.

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 36,434
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: Project Honeynet's HoneyMap displays cyberattacks in real time
« Reply #3 on: October 05, 2012, 12:04:27 PM »
would make a nice screensaver..

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,296
    • View Profile
    • www.StoicJoker.com
    • Donate to Member
Re: Project Honeynet's HoneyMap displays cyberattacks in real time
« Reply #4 on: October 05, 2012, 12:18:09 PM »
would make a nice screensaver..

That is tempting, but I don't think there is enough movement.

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,768
    • View Profile
    • Donate to Member
Re: Project Honeynet's HoneyMap displays cyberattacks in real time
« Reply #5 on: October 05, 2012, 01:51:36 PM »
would make a nice screensaver..

That is tempting, but I don't think there is enough movement.

You'd have to put it in a smaller window and move that around quasi-randomly if you did. (That couldn't be easy.)

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,296
    • View Profile
    • www.StoicJoker.com
    • Donate to Member
Re: Project Honeynet's HoneyMap displays cyberattacks in real time
« Reply #6 on: October 05, 2012, 02:52:02 PM »
would make a nice screensaver..

That is tempting, but I don't think there is enough movement.

You'd have to put it in a smaller window and move that around quasi-randomly if you did. (That couldn't be easy.)

Hm... (actually...) That could work (with an IE control window), as there is already a MoveWindow function in the API. So screen coordinates and a timer feeding MoveWindow during WM_TIMER events with a SS framework and you're there.

Crap the last thing I need right now is another project (damn, damn, damn...).

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 36,434
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: Project Honeynet's HoneyMap displays cyberattacks in real time
« Reply #7 on: October 05, 2012, 02:55:03 PM »
Maybe best to take a step back and ask if there are already good screensavers that simply display a url live that would already be able to handle this.  probably are right?

I mean I have a screensaver tool (MultiPhotoQuotes), I could add an IE window type to it.. But there are probably others.

IainB

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 6,143
  • Slartibartfarst
    • View Profile
    • Donate to Member
Re: Project Honeynet's HoneyMap displays cyberattacks in real time
« Reply #8 on: October 05, 2012, 03:40:47 PM »
Maybe you could learn from something like Xearth - a rather pretty and unique "screensaver" that can show realtime/live earthquakes from around the globe. Apparently it takes feeds from databases of data accumulated from remote seismic data loggers. You can also look at the data in the application interface.
I haven't used it for a while, but I recall that any tremors were plotted and displayed as little red circular bands - the bigger the tremor on the Richter scale, the bigger the diameter of the band.
The plots were displayed cumulatively, so, a while after starting the thing up, you got a developing picture of recent history which was progressively updated with current event plots. I'm not sure how long (hours/days) the "old" bits of the plots were left to hang around for.

Example: This was 13 Sep. 2007: (The original was a BMP file, and the placenames are legible, but in the smaller .PNG copy they don't look so good.)

Earthquake 2007 0913 xearth.pngProject Honeynet's HoneyMap displays cyberattacks in real time

Here's a .JPG copy from 1st Oct. 2007:

Earthquake 2007 1002a xearth.jpgProject Honeynet's HoneyMap displays cyberattacks in real time

I don't know much about how it was developed or what functions it uses though.
Could you crib something from that? Here is an extract from the home page.
Quote
What is it?
Xearth sets the X root window to an image of the Earth, as seen from your favorite vantage point in space, correctly shaded for the current position of the Sun. By default, xearth updates the displayed image every five minutes. The time between updates can be changed using either X resource or a command-line option. Xearth can also be configured to either create and render into its own top-level X window or render directly into PPM or GIF files; see the man page for details.

New features
Version 1.1 of xearth includes several new features:
    new position specifier (moon)
    new rotation specifier (galactic)
    cylindrical projections (-proj cyl)
    support for "real" 24-bit displays
    support for running xearth it its own top-level window (-noroot, -geometry)

Information about previous versions can be found in the HISTORY file that ships with the version 1.1 sources.
« Last Edit: October 05, 2012, 03:53:32 PM by IainB, Reason: Added a second picture. »

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,296
    • View Profile
    • www.StoicJoker.com
    • Donate to Member
Re: Project Honeynet's HoneyMap displays cyberattacks in real time
« Reply #9 on: October 05, 2012, 03:58:50 PM »
Maybe you could learn from something like Xearth - a rather pretty and unique "screensaver" that can show realtime/live earthquakes from around the globe.

Not so sure Xearth is a per se "screen saver". The Windows version I found via your link was last updated in 1999, and changed my desktop wallpaper to the globe scene.

Was kinda nice really ... Just not clear how to shut it off. I used task manager to kill it and had to reset my wallpaper after.

But you're right, I did learn something: Stop clicking on shit before I read the instructions.

 :D

x16wda

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 679
  • what am I doing in this handbasket?
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: Project Honeynet's HoneyMap displays cyberattacks in real time
« Reply #10 on: October 05, 2012, 09:32:41 PM »
Stop clicking on shit before I read the instructions.
;D  Happened to me just the other day, couldn't quite remember why I had downloaded TunnelVision or just what it did...

(But afterward I had great fun in the office with it! :P
vi vi vi - editor of the beast

IainB

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 6,143
  • Slartibartfarst
    • View Profile
    • Donate to Member
Re: Project Honeynet's HoneyMap displays cyberattacks in real time
« Reply #11 on: October 06, 2012, 03:42:39 AM »
Not so sure Xearth is a per se "screen saver".
Oh no, it's not a sceensaver. That's right. I had forrgotten that it was just a dynamic wallpaper

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,296
    • View Profile
    • www.StoicJoker.com
    • Donate to Member
Re: Project Honeynet's HoneyMap displays cyberattacks in real time
« Reply #12 on: October 06, 2012, 08:54:18 AM »
Not so sure Xearth is a per se "screen saver".
Oh no, it's not a sceensaver. That's right. I had forrgotten that it was just a dynamic wallpaper

Hay, it's cool man - shIT happens :) - It actually gave me an idea given that live monitoring while one is away from the computer (e.g. SS mode) is a bit of a contradiction. So I just opened it in a browser on my second monitor and hit F11 (kiosk mode in IE) which works effectively as half a screensaver while letting me function normally on the first monitor. Give it a shot..(assuming you have multiple monitors of course)...I do believe it's exactly the effect we were after.