it's called day and night, idiot

@coldironhands1 Sorry, wrong answer. The interesting thing about this shite is that it DOESN'T correspond to day and night. Day and night happen at different times around the world, and this activity is coming from all over the world but stopping and starting in synchrony.

looks like guitar hero

yeah guitar hero lol red green yellow yellow blue geen together cool game maybe he was playing that and it froze so he took a picture

hi just saw this video,

the tool looks very helpful, is it self developed or is a comercial product ??

but regarding the stripes pattern it may be data pulling since its systematic without the application port you can never tell, though one thing is intersting the stripes started after a certain time they werent there in the begining of the graph,

i think you need to check the application ports, but good i like the conspericy theory behind it :)

Everyone in the world gets on Skype at the same time. lol

this is the new cyber BURBERRY design

Thank UPnP and gamers? Maybe the "state agency employees" are busy all day, say M-F screwing around on sites they aren't supposed to visit (notice the list of countries) Brazil always has VoIP and video conferences going, explains that! Or perhaps, if not initiated internally....these are automated responses, to some stimuli, seemingly beginning on a single date, and each country showing a similar rate of increase very suddenly, no?

Good theory but as this video shows, the majority of the traffic is port 137, port 53, and ICMP:

watch?v=4K4QmpTCtDc

By the way, without filtering US-originated traffic, all of this is completely drowned out by the huge humps of traffic from 8am to 5pm of the employees browsing the web.

the log is pretty much meaningless without context. What is the firewall sitting on - DOD or Disney servers? What do the packets contain - ICMP or fragmented packets? Are they malicious or just routine traffic? Cool log GUI though

Did you watch this one

watch?v=4K4QmpTCtDc

I think it helps explain what's going on. As far as what the firewall is sitting on, it's nothing so exciting as DOD or Disney.

cool thanks. global network activity analysis is interesting stuff. the activity does look automated. Can you analyse the packets - what's in them?

@arkowitz well if it was disney, they'd be havign their kids watch videos and shit when they wake up or go to be, if it's DoD it's cyber terrorists. You should back trace all of them and show the cyber police.

so wait you are saying that the US gov is holding a giant botnet in their hands. if it was that huge wouldent some other country's notice it and say something. and i am also a bit skeptical on how you got acess to a firewall log from a united states agency

It's not a US botnet. It's a botnet which lives all over the world and is based on infected Windows machines; it is people in other countries who have the ability to control this botnet.

I want to create a new kind of botnet which uses legitimate, voluntary participation (like SETI-at-Home) - called PatriotNet; this would give the US retaliatory capability. :) US citizens (or anyone else) could join their PC's to PatriotNet if they want.

What is that large blue spike seen at the start of the video between brazil and china? Also what was the country of origin?

That's a portscan from a machine in Canada; most likely the same one I looked at in detail here:

watch?v=4K4QmpTCtDc

I had a feeling you were going to say that...

can you get the out going activity of that same firewall i would like to see the graph compared to see if something is triggering them prior to the stripe

tell me what you make of this, if anything:

watch?v=a_PTIei-AVU

i dont rly understand this, some "inside job" again?

It's zombies (infected Windows machines all around the world) attempting to infect other machines. Watch this one:

watch?v=4K4QmpTCtDc

The port 137 traffic (netbios port) is a teltale sign of Windows infection attempts; the port 53 (dns) has been pointed out by folks on here and /. as a common mechanism for tunneling through firewalls (there is another firewall upstream from this one). Not sure if zombies use dns tunneling to infect or not. Also ICMP scanning seems to be going on.

are we doing the same to other country's?.

I suspect the US contains a large number of infected PC's, so yes. In terms of orchestrating and utilizing these botnets, I *think* that mostly happens outside US... so, tentatively, no.

next Q: do you think the us should participate more in this manipulation of data or mining of data?.

I think the US should maintain as deep as possible an understanding of both attempted and successful attacks on US infrastructure.

I am also in favor of US offensive capability, though of course it should not be used unless absolutely necessary. And I think the most powerful weapon in the cyber world is intelligence.

define intelligence?.do you mean the utmost iner workings of the cyberspace or is it more?.

Intelligence is knowledge of the enemy's infrastructure, strengths, weaknesses, capabilities, and intent.

Q: do you think that the us intell is applying its self.or do you think its lacking.because I get the impression that you think thy don't know whats going on.

Another question would be if they are inbound packets where are they originating?

They are originating from the various countries arranged down the axis on the left. Here's a video with more detail on these inbound packets:

watch?v=4K4QmpTCtDc

Interesting.

Windows up date lol

This appears to be some kind of DDOS raid against the firewall... Orchestrated not by all of the countries, but an online organization such as Anonymous...

Does he even know if the packets were actually received or dropped....doesn't meant much if they were dropped, since the firewall is working.

if you or anyone you know works for the government then you know that china and other countries actively and constantly try to hack into our military computers this is not knew news but at least you are bringing it to the public

Thanks for the comment? Awareness is a big part of why I put this up here. This next one gets into more detail on the traffic:

watch?v=4K4QmpTCtDc

Stripes over countries -> botnet attacks ?

It means one of two things.

A. The internet is getting more popular

or

B. US is about to get their ass inter-raped XD

Answer: D, not enough information.

Post 21hr call, what data sets or datum were, were not accessed. Even if there were not accessed, were these in some way manipulated by subsequent calls "preparing" them for transmission? Are responses generated through other machines with varying levels of trust enabling slices, slivers of data sets, datum to become accessible, downloaded to machines with varying levels of trust, therefore, whatever data sets, datum were being sought could have been reassembled somewhere, at some time.

to waste our time apparently.

im confuzed

Its a botnet. Whoever was controlling a bunch of zombies machines decided to taks a look at that particular time.

kinda interesting dude =)

Are you f*ing serious? 4:36 for this? it could have lasted 30-60 seconds. I wish I had my 4 minutes of my life back.

lol

Seriously, though. This sucks. You didn't even said anything that was slightly important

You hit the button on the guitar while "strumming" the switch and it makes it play Weezer on the xbox.

ahahaha

Say hi to the internet hero

have you heard of different timezones?

they maybe some ddos attacks botnets or something :>

What country is that huge tower from?

Canada... probably a portscan

probably the one I looked at here:

watch?v=4K4QmpTCtDc

tiger

maybe weekends?

that is one messed up guitar hero

@youtubezzz lmfao when i clicked this video thats wat i thought this would be

@youtubezzz lmao

So you are mapping the attack strategy of other countries ? They ping constantly looking for an open door and move in from there ?

So the patterns indicate the bureaucracy activity per nation state ...open and closed times.

It's not random , it's work , they are chasing after a chance to take control.

The more they know about the systems in general per local agency , the bigger and better any national attack could be , if orchestrated properly.

A stat. analysis could be rrevealing.

Make sure to watch this one (more detail):

watch?v=4K4QmpTCtDc

I would love to have access to the logs of multiple firewalls from around the country so I could correlate... also need to do deeper analysis to separate the hardcoded botnet recruitment activities from the control activities of humans in the various countries.

You are right; this is not random. Look at this one I did which looks at Chinese activity against this same firewall, by region:

watch?v=uvxKyw5joLA

Wow this is impressive. It could be a worm virus aimed to breach in, but if its so the perpetrator could be easily located, it could leave a trace. But how in the world did you acquire this data isn't this supposed to be confidential? this can not be true. :)

It *is* confidential :) I anonymized all internal ip's.

guitar hero

guitar hero? =P

@shingetters haha my first thaught too when i saw the vid xD

hmm... i think your rock band/guitar hero game froze... you might want to get that checked out.

I think it is infected windows machines attempting to infect more windows machines.

I agree with you on that statement, that is accurate.

@arkowitz

so do you think this is being done by rogue states?

This is why we have gobal breakdowns....Because we dont know what the hell were doing.

2:41, it shows philippines. wooohhhhhh, pinoy

oh my GOD!

...is that legal?

Ill tell you that its not Microsoft's crappy version of Command Line :--)))

intense amount of hacking via those countries.. i mean russai and china lead the way with hackers per caipita.

ooo, exciting.

uhm it's called people decide to send links to their friends and their friends happen to be on the internet too that are in real life whether they are planning on some super attack or not. not sure about packets though but you should get similar amounts from each country (and region in general) I'd assume.

wtf is this?? why so many views??

whats the point of this

cool, this should have better ratings :|

lol guitar hero.

@ xtremestunt - ha ha ha!

this is awesume

how the hell did you get classified government data

its not classified if they dont know :)

poor guy no one takes him seriously

its the god dam aliens

lol wow loser its a guitar hero thing

Wow your retarded

It's a guitar hero screenshot that hasn't fully loaded. Who do you think you're kiddin'?

@Stormbow lol

Your a retard

Y-o-u-'-r-e a retard.

Really, go back to school, kid. And maybe stop by Walmart on the way home and pick up a SENSE OF HUMOR. I hear they're on sale. But don't take my word for it, ask your mom; I hear she's there pickin' out your drawers.

he smarter than u dumass id bet its was hard to get that information. also u should not talk about ur self need to go to scool uuummm yeah hes not a retard u r

@Stormbow quite droll... droll indeed

@Stormbow right up there with "get a brain moran"

a stupidnewb lol u own

I don't understand this in the least, and as a Burger King fry cook, I would highly suggest you get a life. Loser.

I'm cool.

@AStupidNewb this guy is making 50 times the amount of money you are.

Probably a botnet doing a DOS together. Could be so many things tho!

I think it is a zombienet, but not doing a DOS - not high enough packet count as some have pointed out on here. I think it is the zombies trying to recruit additional zombies. Check out this video with more detail:

watch?v=4K4QmpTCtDc

port 137 is, of course, netbios... which is how most machines become infected

Zombie network doing a coordinated DOS?

if thats guitar hero, i dont think ur doin it right

@hellswings lol i also thought of guitar hero...btw epic comment xD

this is wher guitar hero got the idea (its an inc.)

Looks like a bot net that is using a coordinate clock to synchronize a DOS.

ITS WINDOWS AUTO UPDATE FOOL

I really don't think so. Here's a closer look:

watch?v=4K4QmpTCtDc

dude you suck at guitar hero

legend

ya know this guy stock piles guns!!!!!!!

durp durp durp durp durp durp durp durp durp durp durp durp durp durp durp durp

can someone tell me what all of this stuff means? lol idk how i even got to this video but im interested.....

this next video explains it better:

watch?v=4K4QmpTCtDc

watch it with the knowledge that port 137 is the typical infection orifice for windows boxen; and as some on slashdot said, port 53 (dns) is often used to tunnel through firewalls

OMG this must be the dullest mind numbing nonsense i have ever watched!

Mate do you ever need to get a life or what!

what a tard does anybody beleive this guy, he doesn't know what he is talking about.

What it means is at certain times there are peaks in the afternoon when everyone is awake, then peak dies down when at night as everyones asleep.... Thats really hard to understand.

@GlobalWTF

not that simple. this is worlwide sources. and like I said earlier the stripe section are more than likely a single or few persons, accessing via proxies with many clients simotaneously. when night in the us, it is day on the other side of the earth, and crackers, hackers sometimes work at night. the earth is not flat remember?

@GlobalWTF lol pwned by trepidity23 XD

neat

how the fuck did i end up on this vid?

0_o

Its gotta be on easy mode. AND HE'S STILL MISSING ALL THE NOTES!!

xD

goverment tracking

Not that I believe that you would post any data on youtube in order to get some "valuable" feedback... and not that I really do believe that we are dealing with any kind of firewall logging here... but if it would have been the case. Incremented activity which starts in various countries in absolute timed sync. Well, I would make a wild guess and call it Bot-net activity.

Is this what my older brother calls porn?

LoL some how i could agree that this looks more like a game then a fire wall database . what i want to know is how did you get hands on goverment data haha.

@lilly

LMFAO "is this guitar hero"

WHAT A RETARD

lmao thats what i thought first too :)

@vSNiiPeRzZ

Guitar hero for the NES or something

It IS guitar hero though. you're the retard

just a beta guitar hero programme :)

@overduminc beta means public testing for feedback of a 99% complete programme... what you are thinking of is a build

I'm 12 years old and what is this?

This is porn, boring aint it?

Meh.

who cares

it's a wow-signal! aliens are coming!

is this guitar hero

webservers get probed all the time. If youve ever run your own server, government or not then you know that many times a day youll get scanned/probed. There will be brute force attempts on SSH logins. Its common stuff. people do this randomly by running programs that go through ips and just start looking for holes. SO, this information doesnt say much

then why the fuck you watch the video, retard.

Mabey someone used the government internet to torrent...

Actually, I bet that it is just a simple DDoS attack.

"hundreds of packets an hour" hardly constitutes a DDoS attack. Unless you're connected with a 900bps modem I suppose ...

I second that^

this is useless without more information.

a) what song is this

b) what platform - xbox ps3 etc...

c) is this on expert or hard?

d) drums or guitar

let us know

this is interesting hmmm i dont really think there is any major meaning behind it

You said it was 5 days. was it monday to friday?? Cus maybe it just increases later in the week??

I think you'll find that it's just peak times in the different countries.

looks like guitar hero

Maybe the tech geeks are playing Guitar Hero with their firewall.

Through the fire and flame, obviously.

ITS THE NEW BURBERRY DESIGN

omfg this is like a conspiracy oO

are you a stil alife or were u shot by an FBI agent?

be aware.

The machines are becoming aware!!!!!!!!!

Outstanding work arkowitz now go back to building your Apollo 7 model, do you need any matchsticks?!?

isn't it because of the different time zones?

100 packets an hour from china and you consider this a big deal? are you serious? 1.5 billion people produce 100 packets an hour?

Thanks to feedback from many people, I made a better video:

watch?v=4K4QmpTCtDc

I started this with the assumption that every network everywhere is being attacked, all the time. I wanted to see if this would be visible, and sure enough, it is!

Just out of curiosity, why would you take this task on. Unless you had suspicion, that there was some sort of attack on your systems. If thats the case you probable found a virus on other peoples system, which is to start a DOS attack. Looks like theres not enough systems to cause it, but whatever date that first line starts, was probable the launch date. Good luck.

Cheers

You wouldn't expect DoS attacks to send only a couple hundred packets an hour from an entire country though. Most likely it'd be a probe from bots/worms established in those countries that had just received a new command set and was executing it. If it wasn't a new command set issued then you'd expect a more random scan pattern.

This is usless without info:

1) What firewall?

2) How did you get this info?

@Odenkay

1. A secret one

2. Very carefully

i'm from romania and i let my pc 24/24 and at 22;00-23:00pm i start bitcomet (download)

i'm not the only one doing this so probably because of the bitcomet (constant atac from virus) you get those stripes

guitar hero firewall log?

this needs a tronbike POV

Its all potrones neutrones electrones in wires thats internet. It takes 1.23 second to go around the world in the wires. everyone should be able to have 1000 mbit internet but no its slowed down thats the conspiracy

I noticed haiti was flat!

when the packets peak that useally means increased activity, ie WHEN PEOPLE ARE USEING THE INTERNET MOST, dear god use your head theres no conspiracy its just proof that more people use the internet whilst being awake than asleep.

excuse me while I go and stab my gonads with steak knife