The HoneyMap shows a real-time visualization of attacks against the Honeynet Project’s sensors deployed around the world. It leverages the internal data sharing protocol hpfeeds as its data source. Read this post to learn about the technical details and frequently asked questions. Before going into explanations, take a look at the map itself: map.honeynet.org!
Attack visualizations have been around for quite some time in various forms and with varying availability. So far, we only had a GTK canvas-based solution and a project around Google Earth and WebGL that would show attacks against our honeypot systems. The most awesome related projects are coming from our Australian folks (thanks Ben) – make sure to take a look at their site.
Despite these nice earlier approaches, there was no purely web-based one that could easily be shared. With better abstractions, more libraries and cool HTML5/CSS3 stuff becoming available for web browsers, Florian decided to try a similar visualization that could be made available as a service without any setup requirements. After the initial proof-of-concept code, we decided to throw some real data onto the map.
Internally, the Honeynet Project uses hpfeeds for collecting data from honeypots and sharing it across different analysis components and data storage setups. Thus, we added hpfeeds support to our map back-end and translated all IP addresses of our events to geographic locations using MaxMind IP geolocation. After a short while we had a real-time event visualization that used our already existing honeypot data – and it looked awesome!
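The back-end step described above, as an added example rather than the HoneyMap's own code: it decodes hpfeeds publish frames and turns each event's source address into a map marker. The JSON field `saddr`, the channel and sensor names, the frame size cap and the small `GEO_TABLE` standing in for the MaxMind database are assumptions constructed for illustration.

```python
import ipaddress
import json
import struct

OP_PUBLISH = 3       # hpfeeds opcode carrying a published event
MAX_FRAME = 1 << 20  # assumed size cap for a single frame
# Constructed stand-in for the MaxMind lookup (documentation prefixes only).
GEO_TABLE = {ipaddress.ip_network("192.0.2.0/24"): (52.52, 13.40),
             ipaddress.ip_network("198.51.100.0/24"): (-33.87, 151.21)}

def pack_publish(ident, channel, payload):  # only builds constructed input
    body = bytes([len(ident)]) + ident + bytes([len(channel)]) + channel + payload
    return struct.pack("!iB", 5 + len(body), OP_PUBLISH) + body

def parse_publishes(buf):
    """Yield (channel, payload) for every complete publish frame in buf."""
    pos = 0
    while len(buf) - pos >= 5:
        length, op = struct.unpack_from("!iB", buf, pos)
        if not 5 <= length <= MAX_FRAME:
            raise ValueError("frame length out of range")
        if pos + length > len(buf):
            break  # partial frame: wait for more bytes from the socket
        body, pos = buf[pos + 5:pos + length], pos + length
        chan_at = 1 + body[0] if body else 0  # skip length-prefixed ident
        if op != OP_PUBLISH or not chan_at < len(body):
            continue
        chan_end = chan_at + 1 + body[chan_at]
        if chan_end <= len(body):  # drop frames whose prefixes overrun
            yield body[chan_at + 1:chan_end].decode("ascii", "replace"), body[chan_end:]

def geolocate(addr):  # (lat, lon), or None if unparsable or unknown
    try:
        ip = ipaddress.ip_address(addr if isinstance(addr, str) else "")
    except ValueError:
        return None
    return next((coords for net, coords in GEO_TABLE.items() if ip in net), None)

def to_markers(buf):  # byte stream of hpfeeds frames -> list of map markers
    markers = []
    for channel, payload in parse_publishes(buf):
        try:
            src = json.loads(payload).get("saddr")  # hypothetical field name
        except (ValueError, AttributeError):
            continue  # honeypot data is untrusted: skip malformed events
        if (where := geolocate(src)):
            markers.append({"channel": channel, "lat": where[0], "lon": where[1]})
    return markers

SAMPLE = pack_publish(b"sensor1", b"demo.events", b'{"saddr": "192.0.2.7"}')
```

Events whose address cannot be parsed or located are dropped rather than plotted, so a malformed honeypot record never reaches the browser.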
We are very happy with the outcome of our small pet project, as the map has so far been very popular and seems to be well received by other researchers and the community. As word spread across Twitter, Facebook, and some news sites, we started to get a decent number of e-mails from people with questions about the HoneyMap and the data used for it. Here are a few more insights that should clarify most of the questions we got.
Apart from that, the Honeynet Project has many tools and activities that you can participate in. And of course we are always grateful for sponsors / donations!
Now if you still want to find out more, you might want to take a look around this website and at the material available from our last workshop hosted by Facebook here.