
The movie below shows a real cyber attack on a honeypot VOIP server extension. It is one thing to look at some amazing, meaningful moving imagery; it is another to fully comprehend it.
So here we go... The imagery shown is based on real data from a real attack. The 'balls' on the right represent some hacker attempting to crack a VOIP server. The balls on the left represent the server's response to the attack. The balls crash into each other and fight it out in the middle of the battlefield. The good balls do better, in this case. Although the attack is relentless and fast-paced, the volume of data from this one attack on a single IP/port (here UDP 5060 for SIP sessions) is really a drop in the ocean in terms of the wider internet. The visualization is created via a Ruby-based tool called "", which is specifically designed to visualize Apache web server logs in real-time.
With highly automated and blindingly fast scripting tools, crooks scan the internet looking for these VOIP servers. When found, the tool cracks the passwords on the extensions. Calls can then be made using these passwords. Victims only notice something is wrong when the next phone bill arrives, so there is a 1-2 month window in which the cracked address can be sold and used for illegitimate international calls.
More information is also available at the movie's author (which also includes an interesting study in ).
The movie shows HTTP traffic on some personal web sites. On the left side, each circle represents a hit on a website, pulled from Apache's access log and Rails' production log in real-time. A small circle is a small request, a big one is larger. The color indicates which site it came from. On the right-hand side, each circle represents a requested URL or a hit from a referrer. The numbers show requests per minute, averaged over the last 10 minutes.
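The requests-per-minute figure described above can be reproduced from an access log with a sliding window. The following is an added example, not code from the visualization tool: the names `parse_line`, `RateWindow` and `rates_by` are hypothetical, the sample log lines are constructed, and the lines are assumed to arrive in time order.

```ruby
require 'time'

# Apache common/combined log prefix: host ident user [time] "METHOD url PROTO" status bytes
LOG_RE = %r{\A(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) (\d+|-)}
Hit = Struct.new(:host, :time, :url, :status, :bytes)

# Returns a Hit, or nil for lines that are not access-log entries.
def parse_line(line)
  m = LOG_RE.match(line) or return nil
  t = Time.strptime(m[2], '%d/%b/%Y:%H:%M:%S %z')
  Hit.new(m[1], t, m[4], m[5].to_i, m[6] == '-' ? 0 : m[6].to_i)
end

# Keeps only the hits inside the window and reports requests per minute per key.
class RateWindow
  def initialize(window_seconds = 600)
    @window = window_seconds
    @hits = [] # [time, key] pairs, oldest first
  end

  def add(time, key)
    @hits << [time, key]
    expire(time)
  end

  def rates(now)
    expire(now)
    counts = Hash.new(0)
    @hits.each { |_, key| counts[key] += 1 }
    counts.transform_values { |n| n / (@window / 60.0) }
  end

  private

  def expire(now)
    @hits.shift while @hits.any? && @hits.first[0] <= now - @window
  end
end

# field is :url (what was requested) or :host (who is asking).
def rates_by(text, field, window_seconds = 600)
  win = RateWindow.new(window_seconds)
  last = nil
  text.each_line do |line|
    hit = parse_line(line.chomp) or next
    win.add(hit.time, hit[field])
    last = hit.time
  end
  last ? win.rates(last) : {}
end
```

Keying the window by `:host` instead of `:url` gives the per-source rate, the number to watch when one address hammers a single service the way the scanner in the first movie does.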