"TraCINg" stands for "TUD Cyber Incident Monitor". "TUD" stands for "Technical University Darmstadt". The project was proposed by Emmanouil Vasilomanolakis from CASED (Center for Advanced Security Research Darmstadt) and was implemented by Matthias Gazzari, Annemarie Mattmann and André Wolski, with the assistance of Andre Mougoui on the sensor part, in connection with a bachelor practical. In this context we would like to thank Christian Schowalter for his voluntary support in designing the Globe part of the project.
The project was created for you. You and every other person who ever comes to visit this website. While the topic of this project is monitoring cyber incidents reported by sensors, the substance of it is sharing information and giving you just a little impression of the possible danger out there - on the Internet.
Our Project on Github: Cyber-Incident-Monitor
Related Projects: Hostage Mobile Honeypot
The data presented on this website is collected by sensors such as honeypots and Intrusion Detection Systems.
Honeypots are systems whose value lies in being probed, attacked or compromised. They can be classified with respect to the level of interaction they offer to the attacker. A low-interaction honeypot simulates network operations at the TCP/IP stack, while high-interaction honeypots are real systems that are vulnerable and heavily monitored.
For this project we are using a special class of low-interaction honeypots called malware-collectors. As the name implies, these honeypots target the detection of malware that spreads over the Internet. Furthermore, a generic mobile low-interaction honeypot called HosTaGe is also utilized.
An Intrusion Detection System monitors a host or a network for signs of intrusions manifested by malicious behavior or a violation of a security policy.
The recorded attacks are mostly those of malware. The unfortunate thing about malware is that it continuously spreads by searching for (usually) random targets. So if you see an attack from somewhere, don't make the mistake of automatically blaming "these evil guys from XYZ", because they might not even know that they are attacking anyone (it might not be them but the malware on their systems). If your computer gets infected by malware and you connect to the Internet, the malware will start attacking others from your computer. Incidentally, of course, it also has some very bad effects on your own computer, such as stealing your private data and passwords, and a thousand other evil things. So in fact, if your computer is infected with malware (which is not very unlikely), it might be that by chance it attacks one of our sensors one day and your home town gets a nice red circle to remind you of it. Might be. Of course there might also be a very evil person somewhere below or near that red circle creating malware. One never knows, some people do.
Anyway, the recorded data is, as you might have learned by now, data recorded by our sensors every time an attack occurs. This data is sent to our server, where it is stored in the database, and is also sent to each client (like your computer). The client displays the data (for example to you). The communication between sensor and server is encrypted. Sensors may or may not be authorized. Those that are not probably belong to enthusiastic people who want to provide data collected by their own sensors but who are not known to be trustworthy to the CA (Certificate Authority; a sensor needs a certificate to become authorized) or who merely did not ask for a certificate. We marked those for you so you will be able to distinguish between authorized and unauthorized sensors. However, this data represents attacks on our sensors only, mind you. There are many, many more attacks happening somewhere else this very second. And your computer is always one of the targets; the question is whether it is protected well enough.