RE: [logs] security animation - datamining experiment

• Previous message: Stefan Norberg: "RE: [logs] NTP Client?"
• Maybe in reply to: Tom Perrine: "[logs] security animation - datamining experiment"
• Next in thread: Sean deBardelaben: "RE: [logs] security animation - datamining experiment"
• Reply: Sean deBardelaben: "RE: [logs] security animation - datamining experiment"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Tom,

 

That's a pretty neat animation.  Definitely looks better in QT than in
Real Player though.

 

I'm sort of curious.  What resource did you use to map the IP numbers
back to geographic locations?

 

Frank Solomon

University of Kentucky

http://www.franksolomon.net <http://www.franksolomon.net/> 

"When you get as old as I am, you start to realize that you've told

most of the good stuff you know to other people anyway."

--Richard Feynman

 

-----Original Message-----
From: Tom Perrine [mailto:tepat_private] 
Sent: Tuesday, February 11, 2003 2:47 PM
To: loganalysisat_private
Subject: [logs] security animation - datamining experiment

 


*** PGP Signature Status: good 
*** Signer: Tom Perrine (Invalid) 
*** Signed: 2/11/2003 2:46:21 PM 
*** Verified: 2/12/2003 6:45:18 AM 
*** BEGIN PGP VERIFIED MESSAGE *** 

Yesterday I posted on our web pages our first animation of a long-term
log analysis. This is a mini-data-mining experiment that I hope you'll
like and find interesting. If nothing else, it should spark some
discussions about analysis :-) It's an animation derived from all of our
syslog records from 12/1996 through 12/2002, showing all the connections
into SDSC.EDU from non-US sources. Since we have almost no non-US users,
this is a simple way to try to characterize "intent". We started with
3.4 billion records, and filtered/mined down to about 1 million or so.
Details of the data and analysis methodology are on the web page. If you
run the animation slowly, you will perhaps see the Internet moving into
Eastern Europe in the late 90's, and some real spikes from Canada,
Mexico, Brazil, Portugal, etc. I'm still not sure *exactly* what I'm
seeing in this animation :-), but its a start at visualizing "security".
Enjoy. The animation is off our main security web page at:
http://security.sdsc.edu/ -- Tom E. Perrine | San Diego Supercomputer
Center http://www.sdsc.edu/~tep/ | 

*** END PGP VERIFIED MESSAGE *** 
_______________________________________________ LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis 


_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis

• Next message: Sean deBardelaben: "RE: [logs] security animation - datamining experiment"
• Previous message: Stefan Norberg: "RE: [logs] NTP Client?"
• Maybe in reply to: Tom Perrine: "[logs] security animation - datamining experiment"
• Next in thread: Sean deBardelaben: "RE: [logs] security animation - datamining experiment"
• Reply: Sean deBardelaben: "RE: [logs] security animation - datamining experiment"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Feb 12 2003 - 11:17:57 PST