Skip to content

Commit

Permalink
+ added server & fixed ipviking and norsecorp
Browse files Browse the repository at this point in the history
  • Loading branch information
@TingGe
TingGe committed Apr 21, 2016
1 parent c856b40 commit eadfa8e
Show file tree
Hide file tree
Showing 13 changed files with 2,239 additions and 1,473 deletions.
11 changes: 11 additions & 0 deletions .gitignore
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
.project
.settings
*~
*.diff
*.patch
/*.html
.idea
*.DS_Store
node_modules
bower_components

49 changes: 36 additions & 13 deletions README.md
View file
Original file line number Diff line number Diff line change
@@ -1,13 +1,36 @@
# data-visualization
数据可视化:基于d3.js

## 网络攻击地图

- Norsecorp

- Ipviking

## 访问者流报告

- Netflow:修改自 [netFlow](https://github.com/jdk137/netFlow/)

# data-visualization
数据可视化:基于d3.js

## 项目

### 网络攻击地图

- Norsecorp
- Ipviking

### 访问者流报告

- Netflow:修改自 [netFlow](https://github.com/jdk137/netFlow/)


## 运行

1. 依赖 [Node](https://nodejs.org/)[http-server](https://github.com/indexzero/http-server)
2. 在 server 目录执行 `npm install` 后,运行 `npm start` 启动(默认9999端口)
3. 在根目录执行 `http-server` 命令,依次到对应项目目录即可预览
4. 关闭命令窗口即可退出

## 反馈

[https://github.com/TingGe/data-visualization/issues](https://github.com/TingGe/data-visualization/issues)

## 贡献

[https://github.com/TingGe/data-visualization/graphs/contributors](https://github.com/TingGe/data-visualization/graphs/contributors)

## 许可

(The MIT License)

Copyright (c) Ting Ge [[email protected]](mailto:[email protected])

126 changes: 61 additions & 65 deletions ipviking/README.md
View file
Original file line number Diff line number Diff line change
@@ -1,65 +1,61 @@
# 实时网络攻击地图 #

Realtime Attack Trackers

## 背景 ##



## Norse - IPViking Map 源码改进与解析 ##

Demo截图

![](doc/全球网络攻击截图.png)

Websocket实时通讯协议

Browser设置示例:

wsHost: "ws://64.19.78.244:443/", //WebSocket API主机
psk: "18c989796c61724d4661b019f2779848dd69ae62", //Sec-WebSocket-Key

![](doc/实时通讯协议.png)

Server推送数据示例:

{
"latitude": "30.58", //源纬度
"longitude": "114.27", //源经度
"countrycode": "CN", //源国家地区编码,参见 country-codes.csv
"country": "CN", //源国家,参见 country-codes.csv
"city": "Wuhan", //源城市
"org": "CHINANET HUBEI PROVINCE NETWORK", //源组织
"latitude2": "38.62", //目标纬度
"longitude2": "-90.35", //目标经度
"countrycode2": "US", //目标国家地区编码,参见 country-codes.csv
"country2": "US", //目标国家,参见 country-codes.csv
"city2": "Saint Louis", //目标城市
"type": "ipviking.honey", //仅标识地图类型,参见 [HoneyMap]("http://map.honeynet.org/")
"md5": "221.235.189.244", //源IP地址
"dport": "22", //攻击的端口,参见port-names.tsv
"svc": "ssh", //攻击类型(服务)名称,参见port-names.tsv
"zerg": "rush" //?
}


![](doc/实时通讯响应数据.png)


## 参考 ##


1. [http://map.norsecorp.com/](http://map.norsecorp.com/)

2. [http://map.ipviking.com/](http://map.ipviking.com/)

3. [Norse](http://www.norse-corp.com/): 实时、清晰地清晰地了解全球网络攻击

4. [Norse 博客](http://blog.norsecorp.com/)

5. [HoneyMap](http://map.honeynet.org/)

6. [Who’s Attacking Whom? Realtime Attack Trackers](http://krebsonsecurity.com/2015/01/whos-attacking-whom-realtime-attack-trackers/)

7. [Faux-3D Arcs](http://bl.ocks.org/dwtkns/4973620)

# 实时网络攻击地图 #

Realtime Attack Trackers

## Norse - IPViking Map 源码改进与解析 ##

Demo截图

![](doc/全球网络攻击截图.png)

Websocket实时通讯协议

Browser设置示例:

wsHost: "ws://64.19.78.244:443/", //WebSocket API主机
psk: "18c989796c61724d4661b019f2779848dd69ae62", //Sec-WebSocket-Key

![](doc/实时通讯协议.png)

Server推送数据示例:

{
"latitude": "30.58", //源纬度
"longitude": "114.27", //源经度
"countrycode": "CN", //源国家地区编码,参见 country-codes.csv
"country": "CN", //源国家,参见 country-codes.csv
"city": "Wuhan", //源城市
"org": "CHINANET HUBEI PROVINCE NETWORK", //源组织
"latitude2": "38.62", //目标纬度
"longitude2": "-90.35", //目标经度
"countrycode2": "US", //目标国家地区编码,参见 country-codes.csv
"country2": "US", //目标国家,参见 country-codes.csv
"city2": "Saint Louis", //目标城市
"type": "ipviking.honey", //仅标识地图类型,参见 [HoneyMap]("http://map.honeynet.org/")
"md5": "221.235.189.244", //源IP地址
"dport": "22", //攻击的端口,参见port-names.tsv
"svc": "ssh", //攻击类型(服务)名称,参见port-names.tsv
"zerg": "rush" //?
}


![](doc/实时通讯响应数据.png)


## 参考 ##


1. [http://map.norsecorp.com/](http://map.norsecorp.com/)

2. [http://map.ipviking.com/](http://map.ipviking.com/)

3. [Norse](http://www.norse-corp.com/): 实时、清晰地清晰地了解全球网络攻击

4. [Norse 博客](http://blog.norsecorp.com/)

5. [HoneyMap](http://map.honeynet.org/)

6. [Who’s Attacking Whom? Realtime Attack Trackers](http://krebsonsecurity.com/2015/01/whos-attacking-whom-realtime-attack-trackers/)

7. [Faux-3D Arcs](http://bl.ocks.org/dwtkns/4973620)

2 changes: 1 addition & 1 deletion ipviking/index.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
<head>
<meta charset="utf-8">
<title>网络攻击地图</title>
<link type="image/x-icon" rel="shortcut icon" href="https://avatars3.githubusercontent.com/u/4074517?v=3&s=40" />
<link rel="stylesheet" type="text/css" href="./styles/ipviking.css">
<link rel="stylesheet" type="text/css" href="./styles/flags.css">
<link rel="stylesheet" type="text/css" href="./styles/fonts.css">
Expand Down Expand Up @@ -183,4 +184,3 @@ <h3>Message Dialog</h3>
<script type="text/javascript" src="./scripts/presentations.js"></script>
</body>
</html>

4 changes: 2 additions & 2 deletions ipviking/scripts/ipviking.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -65,7 +65,7 @@ function hideMessage() {

// Websocket 设置
//wsHost: "ws://64.19.78.244:443/",
wsHost: "ws://127.0.0.1:8080",
wsHost: "ws://127.0.0.1:9999",
psk: "18c989796c61724d4661b019f2779848dd69ae62",
wsTimeout: 30000
};
Expand Down Expand Up @@ -2012,7 +2012,7 @@ function hideMessage() {

webSocket.onclose = function() {
//try to reconnect in 5 seconds
var interval = 5000;
var interval = 500;

wsDiscTime += 500;

Expand Down
Loading

0 comments on commit eadfa8e

Please sign in to comment.