Please view this series of videos showing how Glasshouse was used to reveal and explain unwanted activity within the network of a government agency. The periodic outbound FTP connections to the Netherlands, shown in the final video, are being investigated as a result of this process.
First look shows something is definitely going on.
Addition of country data makes some patterns really stand out.
Swapping in port as one of the visualization dimensions narrows down the causes.
Exploratory subqueries explain the majority of the traffic and make a port scan from Sweden stick right out.
A look at outbound traffic to foreign countries reveals activity which must be investigated further.
Bonus: correlation of multiple datasets shows an interesting facet of traffic from China.
Copyright 2008 Green Phosphor LLC. Questions or comments? Email admin at greenphosphor.com