Category: News

Attacks reported to SANS ISC in the last 5 minutes

A little Flash movie showing a sample of traffic submitted to DShield within the last 5 minutes

The width of the line represents the number of packets sent between the two countries:
  • 1 pixel: < 10
  • 2 pixels: < 100
  • 3 pixels: < 1000
  • 4 pixels: < 10000

Note that at this time, there is no 'direction' indicated. The arcs just connect source and destination. Any motion is created by your viewer. Assume that a country from which a lot of lines originate is the destination country submitting the reports.

The color indicates the packet type based on the following classification:

  • Blue: Not categorized.
  • Red: Well known services (Ports 80,53,25,22 ...).
  • Yellow: Windows related traffic (Port 135,137,139... ).
  • Green: P2P Traffic/Afterglow (Port 6881,6346,4672... ).

MS06-040 Advisory

Well, I heard from two customers today that are currently experiencing the effects of the MS06-040 worm. They’ve noticed quite a lot of traffic on port 445 and external connection attempts using IRC. For a full writeup, please see the following link: MS06-040: BOLO — Be On the LookOut (NEW)

Andrew Update Q3’06

  • Studying for my CISSP again — exam in Ottawa in December
  • GCIH, GCFA, GAWN, on deck for Q1’07, Q2’07, Q3’07, respectively
  • Presenting SANS StaySharp classes in Fredericton, NB starting in Q4’06

Stay tuned for more…
