Crazy Firewall Log Activity by Country and Hour

arkowitz writes: I happened to have access to five days worth of firewall logs from a US state government agency. I wrote a parser to grab unique ip's out, and sent several million of them to a company called Quova, who gave me back full location info on every 40th one. I then used Green Phosphor's Glasshouse visualization tool to have a look at the count of inbound packets, grouped by country of origin and hour. And it's freaking crazy looking. So I made this video of it and I'm asking the Slashdot community: What the frak is going on?

My first speculation is botnet sweeps

[almondo]

If I read your map correctly, it indicates that you see a series of worldwide traffic surges at various times. My first guess is that botnets are being triggered to perform orchestrated attacks. A while back we had the ssh slow scan attack vector arrive, but since that time I have observed that the slow scan aspect has dissolved and now they are using what appears to be a highly distributed methodology running at a very high rate of speed. I have seen peaks of several megabits coming from highly diverse