You are looking at the HoneyMap, a real-time world map which visualizes attacks
captured by honeypots of the Honeynet Project.
Red markers on the map represent attackers, yellow markers are targets (honeypot sensors).
This project is highly experimental and should be considered an ALPHA version. So far,
current Chrome and Firefox browsers should work fine. Opera, Safari and Internet Explorer
probably wont work. If you identify bugs or have feature requests, please let us know.
Technology
Authors
Frequently Asked Questions
What am I looking at? Is this real?
Yes, you are looking at real attacks which are
captured by our honeypot sensors. Those sensors emulate
vulnerable systems and record incoming attacks.
Sensors run
dionaea,
glastopf, or
thug.
Where does the data come from?
Some (by far not all) of our sensors publish their captures
to our internal feed system
(
hpfeeds).
The map backend subscribes to this feed and makes geo location
lookups on the corresponding IP addresses.
Is the data representative?
No! Not at all. The Honeynet Project has many more sensors
around the world, but only a few push their captures.
What is going on in Aachen?!
Most of the time, you will see attacks targeted against Aachen.
This is because our honeypot at RWTH Aachen University is very
active and captures attacks against hundreds of target IP
addresses. This does not mean that Aachen is attacked more
often than the rest of the world!
How can I participate?
If you are already a member of the Honeynet Project, you can
just publish your captures to hpfeeds and they will automatically
show up on this map. If you are not a member, you can run your own
copy of this map on your own server. Code is on GitHub
(LGPL license).
Why did you create this map?
Just for fun. We like visualization and we wanted to play
around with node.js/socket.io. This map was hacked together
in essentially 2-3 days.