If most of these are untargeted attacks from infected old machines as he says, then why isn't it a lot more evenly distributed? There aren't a bunch of old XP computers running in China, Australia, Canada, Cental Asia, the Mideast, and Africa?
posted by cmoj at 1:32 PM on October 14, 2012

Yup. Right over my in-laws' house. Expect phone call in 3...2...1...
posted by hal9k at 4:11 PM on October 14, 2012 [1 favorite]

I think I changed my mind about honeypots. Last honeypot post I kinda likened them to letting thieves into your car to get their picture. It is still hard for the thief to steal your car but he is one step closer. Honeypots used to be pretty much full chrooted environments. Chroot was never really intended to be used that way. There is always a risk letting an attacker interact with your box in any way, including causing log files to be written.I think that by implementing extremely limited versions of frequently exploited protocols like SMB it is much much safer than running samba in a chroot sandbox. Increasingly it is like putting cars made out of cardboard in your driveway, the bots are too stupid to tell they are not real cars and try to drive them away.
posted by Ad hominem at 5:20 PM on October 14, 2012 [1 favorite]

been watching for thirty minutes. Show's how desperately dull Australia is (and me for that matter). Not a single attack. Probably more to do with the shitful state of internet speeds here.
posted by mattoxic at 6:13 PM on October 14, 2012

I have been keeping an eye on this site for a few hours.
and focusing on the US,
and I am surprised by how many attack computers are
coming from small towns.
...oh, and still haven't seen any attack from Australia.
posted by quazichimp at 1:04 AM on October 15, 2012

cmoj, the FAQ says this (with my own emphasis added):

Q. Is the data representative?
A. Kind of. Historically, this kind of visualization would be skewed by the sensor location but with newer attack code (e.g., Conficker) this is not true anymore as the attack target selection is randomized. This means that a country's chance of getting attacked by those randomized spread techniques only depends on the number of potential target IP addresses in that country. Consequently, red dots roughly depict reality when it comes to attacker location (regarding the type of attack which we capture). Also, our hpfeeds back-end is still young and not all sensors are connected to it. We have more sensors around the world than currently visible on the map.

posted by wenestvedt at 6:11 AM on October 15, 2012