Members of The Honeynet Project’s Giraffe Chapter released a new real-time attack map earlier today.
[Update 9/25/2012: Additional data feeds have been added]
The map shows live attacks from locations around the world, provided by distributed honeypots operated by Honeynet Project chapters. Currently the map is in an alpha release stage, and additional data and input sources are planned for future releases.
Some of the underlying technologies that make the map possible are: dionaea, thug, glastopf, hpfeeds, and honeyMap, all of which are contributed to by individual Honeynet Project members. Although this map only shows a fraction of the attacks happening every second worldwide, it provides a strong visual indicator of the constant level of threat that Internet exposed services face every day.
It’s important to note that this map plots the geographic “source” of attack, but that does not always mean that the attacker is located in that country. Very often the case is that an unsuspecting victim in country X is attacked by an attacker in country Y who then uses the victim’s computer in country X to attack another unsuspecting victim in country Z, and so on. This is to say that just because a certain country has a lot of hits on the “attack” map, does not necessarily mean that residents of that country performed those attacks, they may have just been unsuspecting victims themselves.