Intrushield 3D Attack Visualizer
Kolasa 3Dip will allow you to send your SYSLOG alerts to a host running 3Dip and it will draw them in 3D space. The SYSLOG format is:
" ,$IV_SOURCE_IP$,$IV_DESTINATION_IP$,$IV_ATTACK_NAME$ <br> ".
In a nutshell you want to send a line per attack via syslog to 3Dip and it will plot it in 3D space including protocol and attack name.
Each IP address has a unique position in 3D space, infact the entire Internet has been plotted and when attacks occure they are draw accordingly. Similar networks will exist close together, the patterns you see have a logical organization to them and therefore meaning. For more information please visit:
Please note, this is still in development and may be buggy.