Crazy Firewall Log Activity — What Does It Mean?
arkowitz writes "I happened to have access to five days' worth of firewall logs from a US state government agency. I wrote a parser to grab unique IPs out, and sent several million of them to a company called Quova, who gave me back full location info on every 40th one. I then used Green Phosphor's Glasshouse visualization tool to have a look at the count of inbound packets, grouped by country of origin and hour. And it's freaking crazy looking. So I made the video of it and I'm asking the Slashdot community: What the heck is going on?"
I looked at the traffic by destination port and hour, and it looks like botnet activity: all of the traffic producing those stripes is aimed at either port 137 (Windows networking) or no port (ICMP). Thanks for your comment; this is the type of informed response I was hoping to get with my post.
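As an added example (not the submitter's parser, and nothing to do with Glasshouse or Quova), here is a small Python script that performs the two analysis steps described above: pulling the distinct source IPs out of a firewall log, then bucketing inbound packets by hour and destination service so that hours where many distinct sources hit the same service (NetBIOS on udp/137, ICMP echo sweeps) stand out from ordinary traffic. It assumes netfilter/iptables LOG-target syslog lines; the sample lines, the addresses (documentation ranges) and the `min_sources` threshold are all constructed for the demonstration.

```python
import re
from collections import defaultdict

# Constructed netfilter-style syslog lines (iptables LOG target format); not the
# submitter's real data. 192.0.2.x, 198.51.100.x and 203.0.113.x are documentation ranges.
SAMPLE_LOG = """\
Mar 10 02:14:01 fw kernel: IN=eth0 OUT= SRC=198.51.100.17 DST=203.0.113.5 PROTO=UDP SPT=137 DPT=137 LEN=78
Mar 10 02:14:03 fw kernel: IN=eth0 OUT= SRC=198.51.100.18 DST=203.0.113.5 PROTO=UDP SPT=137 DPT=137 LEN=78
Mar 10 02:15:40 fw kernel: IN=eth0 OUT= SRC=192.0.2.44 DST=203.0.113.5 PROTO=UDP SPT=137 DPT=137 LEN=78
Mar 10 02:16:12 fw kernel: IN=eth0 OUT= SRC=192.0.2.45 DST=203.0.113.6 PROTO=UDP SPT=137 DPT=137 LEN=78
Mar 10 02:20:05 fw kernel: IN=eth0 OUT= SRC=198.51.100.17 DST=203.0.113.5 PROTO=ICMP TYPE=8 CODE=0 LEN=84
Mar 10 02:21:09 fw kernel: IN=eth0 OUT= SRC=192.0.2.44 DST=203.0.113.5 PROTO=ICMP TYPE=8 CODE=0 LEN=84
Mar 10 02:22:33 fw kernel: IN=eth0 OUT= SRC=192.0.2.99 DST=203.0.113.7 PROTO=ICMP TYPE=8 CODE=0 LEN=84
Mar 10 02:30:00 fw kernel: IN=eth0 OUT= SRC=203.0.113.200 DST=203.0.113.5 PROTO=TCP SPT=51234 DPT=443 LEN=60
Mar 10 03:05:10 fw kernel: IN=eth0 OUT= SRC=198.51.100.17 DST=203.0.113.5 PROTO=UDP SPT=137 DPT=137 LEN=78
Mar 10 03:05:11 fw kernel: IN=eth0 OUT= SRC=198.51.100.17 DST=203.0.113.6 PROTO=UDP SPT=137 DPT=137 LEN=78
not a firewall line
"""

# Timestamp, hour, source, destination and protocol of a netfilter LOG line.
LINE_RE = re.compile(
    r"^(?P<date>[A-Z][a-z]{2}\s+\d{1,2}) (?P<hh>\d{2}):\d{2}:\d{2} .*?"
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\w+)"
)
DPT_RE = re.compile(r"\bDPT=(\d+)")


def parse_line(line):
    """Return {'hour', 'src', 'dst', 'service'} for a netfilter LOG line, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    proto = m.group("proto").lower()
    if proto == "icmp":
        service = "icmp"  # ICMP has no port; the log carries TYPE=/CODE= instead
    else:
        d = DPT_RE.search(line)
        service = f"{proto}/{d.group(1)}" if d else f"{proto}/-"
    return {
        "hour": f"{m.group('date')} {m.group('hh')}:00",
        "src": m.group("src"),
        "dst": m.group("dst"),
        "service": service,
    }


def unique_sources(lines):
    """Distinct source IPs: the set one would hand to a geolocation service."""
    return sorted({r["src"] for r in map(parse_line, lines) if r})


def aggregate(lines):
    """Packet count and distinct-source set per (hour, destination service) bucket."""
    buckets = defaultdict(lambda: {"packets": 0, "sources": set()})
    for rec in map(parse_line, lines):
        if rec is None:
            continue  # skip non-firewall lines rather than failing the whole run
        b = buckets[(rec["hour"], rec["service"])]
        b["packets"] += 1
        b["sources"].add(rec["src"])
    return dict(buckets)


def flag_scan_buckets(buckets, min_sources=3):
    """Buckets where at least min_sources distinct sources hit one service in one
    hour: the shape of wide automated probing (NetBIOS on udp/137, ICMP sweeps)
    rather than a single host using a service it legitimately needs."""
    flagged = []
    for (hour, service), b in buckets.items():
        n_src = len(b["sources"])
        if n_src >= min_sources:
            flagged.append((hour, service, b["packets"], n_src))
    return sorted(flagged)


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print(f"{len(unique_sources(lines))} distinct source IPs")
    for hour, service, pkts, n_src in flag_scan_buckets(aggregate(lines)):
        print(f"{hour}  {service:<8} packets={pkts:<3} distinct_sources={n_src}")
```

On the constructed sample this flags the 02:00 hour for both udp/137 and icmp, while the single TCP/443 connection and the repeated udp/137 packets from one host in the 03:00 hour are left alone; on a real five-day log the per-hour buckets are what produce the striped pattern the submitter describes, and the distinct-source count is the quickest way to tell a sweep from one noisy peer.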