Tom, I’m also curious about how you did the mapping? Can you tell us?

Thanks
Sean

Sean deBardelaben
email: seandat_private
text messages: 5126996567at_private
AIM: seandebardelaben

-----Original Message-----
From: loganalysis-adminat_private [mailto:loganalysis-adminat_private] On Behalf Of Solomon, Frank
Sent: Wednesday, February 12, 2003 6:04 AM
To: loganalysisat_private
Subject: RE: [logs] security animation - datamining experiment

Tom,

That’s a pretty neat animation. Definitely looks better in QT than in Real Player though. I’m sort of curious. What resource did you use to map the IP numbers back to geographic locations?

Frank Solomon
University of Kentucky
http://www.franksolomon.net
"When you get as old as I am, you start to realize that you've told most of the good stuff you know to other people anyway." --Richard Feynman

-----Original Message-----
From: Tom Perrine [mailto:tepat_private]
Sent: Tuesday, February 11, 2003 2:47 PM
To: loganalysisat_private
Subject: [logs] security animation - datamining experiment

*** PGP Signature Status: good
*** Signer: Tom Perrine (Invalid)
*** Signed: 2/11/2003 2:46:21 PM
*** Verified: 2/12/2003 6:45:18 AM
*** BEGIN PGP VERIFIED MESSAGE ***

Yesterday I posted on our web pages our first animation of a long-term log analysis. This is a mini-data-mining experiment that I hope you'll like and find interesting. If nothing else, it should spark some discussions about analysis :-)

It's an animation derived from all of our syslog records from 12/1996 through 12/2002, showing all the connections into SDSC.EDU from non-US sources. Since we have almost no non-US users, this is a simple way to try to characterize "intent".

We started with 3.4 billion records, and filtered/mined down to about 1 million or so. Details of the data and analysis methodology are on the web page.

If you run the animation slowly, you will perhaps see the Internet moving into Eastern Europe in the late 90's, and some real spikes from Canada, Mexico, Brazil, Portugal, etc.

I'm still not sure *exactly* what I'm seeing in this animation :-), but it's a start at visualizing "security".

Enjoy. The animation is off our main security web page at:

http://security.sdsc.edu/

--
Tom E. Perrine | San Diego Supercomputer Center
http://www.sdsc.edu/~tep/ |

*** END PGP VERIFIED MESSAGE ***

_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis

This archive was generated by hypermail 2b30 : Thu Feb 13 2003 - 12:39:20 PST