1

There are many "threat maps" online, such as Norse, Fortinet, etc., serving accurate information on all kinds of attacks around the globe, such as DoS, scans, pings, and many more.

  1. How accurate is this?
  2. If I launched a big DDoS attack, will this attack be visible?
  3. Where do they get their data from, or what is it based on?
Guest
  • I found [this question](https://security.stackexchange.com/questions/61992/norse-cyber-attack-map). Are there any updates on it? – Guest Sep 27 '19 at 20:19
  • They have to get their information from honeypots or from routers in the path of attacks. Honeypots are far easier to set up, as even though telcos aren't known for being secure, they do at least make a fuss when someone messes with their systems. Info from those sites is unlikely to be intentionally misleading, but it's also _very_ unlikely to paint a whole and accurate picture. – Ghedipunk Sep 27 '19 at 20:35
  • So in fact they just wait for incoming connections at scale and determine which kind of threat it was through automatic processes analysing the data. – Guest Sep 27 '19 at 20:41
  • That's the most likely thing they do, yes. They don't publish their methods, as they don't want people to learn how to get around them. – Ghedipunk Sep 27 '19 at 20:48
  • This is going to be up to each of those vendors as to how they gather, what they gather, and if the type of attack you launch will be detected. – schroeder Sep 27 '19 at 22:15
  • Case in point: https://www.digitalattackmap.com/faq/ – schroeder Sep 27 '19 at 22:15

1 Answer

3

> ... serving accurate information ...

I doubt that this information is accurate. There is some truth in it based on what vendors see from honeypots, from installations at customers and from publicly available data, but the vendors don't really see or know everything.

The main point of such threat maps is to make it clear that there is sufficient danger on the internet in order to either sell more security systems or to justify the money already spent on existing installations. This also means that there is no need for these threat maps to be fully accurate. They could even make up some data and nobody will really notice since nobody has the full picture.

In order to protect a specific network it is more relevant to detect what attacks target this network and not what kind of attack activity is currently out there in general. Some vendors have threat maps in their products which are based on the traffic directly seen by these installations and thus reflect the attacks against this specific network.

> If I launched a big DDoS attack, will this attack be visible?

It depends on which kind of sources the specific vendor uses. A vendor offering world-wide DDoS protection will likely show it since this is the kind of attack they fight. But again, the purpose of these threat maps is not to provide an absolutely true picture which includes all current attacks.

Steffen Ullrich
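The thread above describes sensors that wait for incoming connections and label them automatically. The sketch below is an added example, not part of the original posts and not any vendor's method: it labels sources seen by a single sensor as ping, scan or flood. The event format, thresholds and label names are assumptions, and the log entries are constructed with documentation-range addresses.

```python
from collections import defaultdict

# Thresholds are assumptions for this sketch, not any vendor's values.
WINDOW = 60        # seconds of activity examined together
SCAN_PORTS = 5     # distinct destination ports in WINDOW -> "scan"
FLOOD_HITS = 20    # hits on one port in WINDOW -> "flood"

def build_events():
    """Constructed sensor log: (unix_time, src_ip, proto, dst_port)."""
    events = [(1000 + i, "198.51.100.7", "tcp", port)
              for i, port in enumerate([21, 22, 23, 80, 443, 3389])]
    events += [(2000 + i * 0.5, "203.0.113.9", "udp", 53) for i in range(40)]
    events += [(3000, "192.0.2.44", "icmp", None),
               (3001, "192.0.2.44", "icmp", None)]
    events += [(4000, "192.0.2.80", "tcp", 22)]
    return events

def classify_source(hits):
    """Label one source from its time-ordered (time, proto, port) hits."""
    if all(proto == "icmp" for _, proto, _ in hits):
        return "ping"
    most_ports = most_same = start = 0
    for end in range(len(hits)):
        # Slide the window so it never spans more than WINDOW seconds.
        while hits[end][0] - hits[start][0] > WINDOW:
            start += 1
        ports = [p for _, _, p in hits[start:end + 1] if p is not None]
        most_ports = max(most_ports, len(set(ports)))
        if ports:
            most_same = max(most_same, max(ports.count(p) for p in set(ports)))
    if most_ports >= SCAN_PORTS:
        return "scan"
    if most_same >= FLOOD_HITS:
        return "flood"
    return "unclassified"

def classify(events):
    """Group events per source address and label each source."""
    by_src = defaultdict(list)
    for ts, src, proto, port in sorted(events, key=lambda e: e[0]):
        by_src[src].append((ts, proto, port))
    return {src: classify_source(hits) for src, hits in by_src.items()}

if __name__ == "__main__":
    for src, label in classify(build_events()).items():
        print(f"{src:15} {label}")
```

Only traffic that actually reaches the sensor is labelled, which is why a map built this way reflects the sensor's view rather than all activity on the internet.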