The Italian Honey Project
The Italian chapter of the Honeynet Research Alliance
Legend
-
The firt layer of visualization are provided by Google Maps Api, the visualization methods used by the map are explained below:
- Map markers represents C&C, the IP coordinates are provided by GeoLiteCity database.
- Lines are used for linking different C&C that belong to the same botnet (under developement)
- Purple Red: Identified C&C
- Red : Unknow target
- Purple: Target IP Network Class where destination port is 80/tcp
- Orange: Target IP Network Class where destination port is 135/tcp
- Yellow: Target IP where destination port is 25/tcp
- Light Blue: Honeypot Source IP
- Green: General Services
- The traffic involved the 53/udp port has been parsed for visualizing the hostname provided by the DNS server.
The second layer of visualization are provided by AfterGlow. The link graph visualization criteria adopted are:
