Cool site to live view attacks on the internets
-
For noobs like me only, I assume all the experts here already know this site 8)
http://map.ipviking.com/
-
Looks like the USA is getting all the "love".
-
Take into consideration that the site consumes 600MB of memory very quickly…..
-
Yep - Its super resource hungry.
-
Try running Snort on LAN when you click that link ;)
-
Why? I don't run snort. Its not even installed.
Also using a VPN to the USA at the moment. Pfsense on server side, of course.
I have Linux and windows with Symantec endpoint protection on my end. The US governments version.You thinking there is something bad in that site?
-
I just saw a 3000% rise in inbound traffic blocked by Snort after clicking that link….
-
I'm more surprised when snort doesn't block something than when it does.
-
Snort works very well when setup correctly but its not a FAF solution :D
-
Seems like a SWC (screw with constantly) solution. haha.
-
:D
-
Take into consideration that the site consumes 600MB of memory very quickly…..
It DOSes your browser
-
So, is the purpose of it to DOS the browser or is there simply alot going on?
-
You click a link belonging to a company that makes money from telling people than attacks are eminent and going on all the time… They show it realtime so it must be for real.
It fucks your browser and seconds after clicking, a sudden rise in Snort reported traffic on the FW frontend.
I wonder why.... ;)
To be not rendered useless, the company needs to attract traffic of the bad kind to show off its potential of reporting it.....
And they charge a shitload to their customers for reporting the latest and baddest of attackers and what the customers should be aware of... But to see that, they need to attract that traffic since they cant monitor whats going on live on the internet....
Even if they say they do.
-
I'm not so certain that its attracting bad traffic so much as just hammering your network with traffic from their web demo. I wasn't getting anything malicious. No scans or anything. Of course, my server end does have a dynamic IP so I'd hate to have to get all crazy and reboot… That would take 10 whole seconds and then I'd have a new IP. However for the guys with static IPs I suppose getting DOSSed would be a big deal.
-
:D
-
What's this 600MB RAM you are talking about? All I get is a blank page with white "Loading…" letters on it. (FF+noscript, the only safe browsing experience on the planet)
A lot of companies have this data. The most important thing is what you do with it. For example I still don't get how static IP assignments raising flags right and left, are still allowed to carry out their attacks. Either nobody is actually reporting this activity (I can tell you from personal experience, if you receive an abuse report from me and you ignore it, you get sent directly to the permanently banned list, without passing "Go", without collecting anything), or their upstream doesn't really care. Since their upstream doesn't really care, neither does his upstream's upstream. Follow the money right up to Tier 1 providers (Tier 1=you don't pay a dime to get your traffic anywhere, you charge a fortune to get the client's traffic from point A to point B). The busiest the lines are kept, the more lines need to be kept open. The more lines need to be kept open, the more money is kept flowing in.
Do the responsible thing and report abuse detected on your network to the IP's abuse contact. If he/she/it (company) ignores you, ban the IP. If you see other hosts from that range show up on the alerts, ban the entire range. If you see alerts from other ranges belonging to the same persons/companies, clearly they don't give a f*** and deserve to be given the finger. Ban all their ranges. That's the only way I can see against the attackers. Everyone else either doesn't care, doesn't know enough to care, or is getting payed not to care.
A big map showing the attacks would be nice though...hm...there's an empty wall over there.... would go nice with dots flying around in realtime across the screen to simulate packet transfers...oh wait, USCYBERCOM (formerly NETCOM, formerly ISCUSA, keeping track is difficult) already does that. If we could only get them to upgrade IE6 to something newer... (for the life of me I can't find the pic from their command center. Maybe I'm thinking of the wrong *COM) (and seeing that I did just mention USCYBERCOM my life could or could not end with me being added to this list http://www.assassinationresearch.com/v1n2/deaths.html (scroll a bit down), oh wait that's CIA's job. Is that a drone?)
-
There is an industri earning money to keep it alive and abusive. Where would security be if we banned all the bad guys?? :D
Thats why I love pfblockerNG. I take the Snort alerts and collect the IP's that are trying to get in and update pfblocker with the IP. Then nothing slips through….
-
Yeah - I have always had a suspicion that the guys who make firewalls AV / Malware protection have a vested interest in also producing the thing they are meant to protect against. I'm sure at some point some major company will be caught red-handed doing exactly that.
-
I couldnt agree more!!