This application analyzes web traffic and then beautifully displays attacks on a global map. How does it intercept web traffic so it can analyze it? Isn't web traffic private to everyone except ISPs and powerful government agencies like the NSA? How does it detect and differentiate MySQL attacks from regular MySQL queries?
- More important is whether a pretty picture on the screen has any relevance to the real world or not. So far it's just a picture and fancy words. In the end, it's a matter of trust, as I highly doubt they will divulge any substantial information about how they do it. For me, it is better to distrust unless proven to be true. – Dmitry Janushkevich Jun 27 '14 at 14:33
- They sell security products which analyze their customers' traffic to protect them from attacks. As a customer you have the choice to use their products or not. See http://norse-corp.com/technology_infra.html#tech – PiTheNumber Jun 27 '14 at 14:28
1 Answer
The company that set this up, Norse, actually has honeypots (intentionally vulnerable networks) set up in various countries across the globe. By installing various pieces of software, looking at logs, etc., the people at Norse can determine the (apparent) IP of the attack. While I don't think that Norse is lying, as @Dmitry seems to, I do think that given the ease with which IPs can be faked, the map should not be considered reliable.
Source: http://www.engadget.com/2014/06/24/live-hacking-map/

KnightOfNi
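The honeypot approach described in the answer, as an added example that is not part of the original post and not Norse's code: because a honeypot has no legitimate clients, every logged connection can be counted as hostile and labelled by destination port, with no need to tell attack queries from normal ones. The log format, sensor names and port-to-service table are assumptions, and the recorded address is only the apparent source.

```python
import re
from collections import Counter

# Constructed sample input; the log format and sensor names are assumptions.
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2014-06-27T14:01:02Z sensor=fra-01 src=203.0.113.7 dport=3306 event=login_attempt user=root
2014-06-27T14:01:03Z sensor=fra-01 src=203.0.113.7 dport=3306 event=login_attempt user=admin
2014-06-27T14:02:10Z sensor=sgp-02 src=198.51.100.23 dport=22 event=login_attempt user=root
2014-06-27T14:02:44Z sensor=sgp-02 src=192.0.2.55 dport=3306 event=connect
this line is malformed and must be skipped
2014-06-27T14:03:00Z sensor=fra-01 src=198.51.100.23 dport=23 event=connect
"""

SERVICES = {22: "ssh", 23: "telnet", 3306: "mysql"}  # destination port -> label
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<fields>(?:\w+=\S+\s*)+)$")

def parse_line(line):
    """Return (sensor, apparent_src, service), or None for an unparseable line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("fields").split())
    if not {"sensor", "src", "dport"} <= fields.keys():
        return None
    if not fields["dport"].isdecimal():
        return None
    port = int(fields["dport"])
    return fields["sensor"], fields["src"], SERVICES.get(port, f"port-{port}")

def summarize(log_text):
    """Count events per (apparent source IP, service); also count skipped lines."""
    counts, skipped = Counter(), 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        _, src, service = rec
        # No allow-list and no query inspection: a honeypot has no legitimate
        # clients, so every recorded connection is counted as hostile.
        counts[(src, service)] += 1
    return counts, skipped

if __name__ == "__main__":
    counts, skipped = summarize(SAMPLE_LOG)
    for (src, service), n in counts.most_common():
        print(f"{src:15} {service:8} {n}")
    print(f"skipped {skipped} malformed line(s)")
```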