
The movie below shows a real cyber attack on a honeypot VOIP server extension. It is one thing to look at some amazing, meaningful moving imagery; it is another to fully comprehend it.

So here we go... The imagery shown is based on real data from a real attack. The 'balls' on the right represent some hacker attempting to crack a VOIP server. The balls on the left represent the server's response to the attack. The balls crash into each other and fight it out in the middle of the battlefield. The good balls do better, in this case. Although the attack is relentless and fast-paced, the volume of data from this one attack on a single IP/port (here UDP 5060 for SIP sessions) is really a drop in the ocean in terms of the wider internet. The visualization is created via a Ruby-based tool called "gltail", which is specifically designed to visualize Apache web server logs in real-time.

With highly automated and blindingly fast scripting tools, crooks scan the internet looking for these VOIP servers. When found, the tool cracks the passwords on the extensions. Calls can then be made using these passwords. Victims only notice something is wrong when the next phone bill arrives, so there is a 1-2 month window in which the cracked address can be sold and used for illegitimate international calls.
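
One way to catch this long before the phone bill does, as an added example (not code from Dataviz Australia or gltail): a small Ruby detector that flags rapid failed SIP REGISTER attempts against an extension and any successful login that follows them. The log format, addresses, window and threshold are constructed assumptions.

```ruby
require "time"

# Constructed sample in a simplified, hypothetical honeypot log format:
#   ISO8601-time  source-ip  SIP-method  extension  SIP-response-code
SAMPLE_LOG = <<~LOG
  2011-03-01T09:59:00Z 192.0.2.10 REGISTER 101 401
  2011-03-01T09:59:01Z 192.0.2.10 REGISTER 101 200
  2011-03-01T10:00:00Z 198.51.100.7 REGISTER 100 401
  2011-03-01T10:00:01Z 198.51.100.7 REGISTER 100 401
  2011-03-01T10:00:02Z 198.51.100.7 REGISTER 100 401
  2011-03-01T10:00:03Z 198.51.100.7 REGISTER 100 401
  2011-03-01T10:00:04Z 198.51.100.7 REGISTER 100 401
  2011-03-01T10:00:05Z 198.51.100.7 REGISTER 100 401
  2011-03-01T10:00:06Z 198.51.100.7 REGISTER 100 200
LOG

WINDOW_SECONDS = 60 # assumed sliding window
FAIL_THRESHOLD = 5  # assumed; a single 401 is only the normal digest challenge

# Returns alerts for password guessing against an extension and for a
# successful REGISTER that follows such guessing from the same source.
def detect_sip_bruteforce(log, window: WINDOW_SECONDS, threshold: FAIL_THRESHOLD)
  failures = Hash.new { |h, k| h[k] = [] } # [ip, ext] => recent failure times
  flagged = {}                             # [ip, ext] => guessing already reported
  alerts = []
  log.each_line do |line|
    ts, ip, method, ext, code = line.split
    next unless method == "REGISTER" && code
    now = Time.iso8601(ts)
    key = [ip, ext]
    recent = failures[key]
    recent.reject! { |t| now - t > window } # drop failures outside the window
    case code
    when "401", "403"
      recent << now
      if recent.size >= threshold && !flagged[key]
        flagged[key] = true
        alerts << { type: :guessing, ip: ip, ext: ext, at: ts }
      end
    when "200"
      # Success after reported guessing: treat the extension's password as cracked.
      alerts << { type: :compromised, ip: ip, ext: ext, at: ts } if flagged[key]
    end
  end
  alerts
end

detect_sip_bruteforce(SAMPLE_LOG).each { |a| puts a.inspect } if __FILE__ == $PROGRAM_NAME
```

The ordinary user at 192.0.2.10 (one challenge, then success) raises nothing; only the burst against extension 100 and the login that follows it are reported.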

More information is also available from the movie's author, Dataviz Australia (which also includes an interesting study in mouse movements).


Visualizing a cyber attack on a VOIP server from Ben Reardon, Dataviz Australia on Vimeo.

The movie shows HTTP traffic on some personal web sites. On the left side, each circle represents a hit on a website, pulled from Apache's access log and Rails' production log in real-time. A small circle is a small request, a big one is larger. The color indicates which site it came from. On the right-hand side, each circle represents a requested URL or a hit from a referrer. The numbers show requests per minute, averaged over the last 10 minutes.


For my current task I am researching how to visualise and assist the prevention of cyber attacks. I work at the Human Factors capability Advanced Technology Centre.

Thu 17 Mar 2011 at 4:57 AM

Outstanding visualization. It would be great to add some sort of alert/notification mechanism to it!

Sat 19 Mar 2011 at 7:37 AM