Norse has developed a network of 8 million sensors worldwide designed specifically to absorb various types of internet attacks. These sensors analyze the malicious traffic and trace it back to its source. This vast network of global trackers is called the DarkMatter Platform, and it delivers real-time threat tracking and intelligence within five seconds.
Norse provides this service to companies to protect their web services, but they also provide an amazing real-time view for everyone of malicious traffic at their comprehensive monitoring site. The view of ongoing attacks is amazing due to the sheer scale of the attacks, and their continuing nature highlights the intense threats companies face every day. The site identifies each type of attack, and DDoS attacks are easily visible as attacks from multiple locations worldwide converge on a single target.
The DarkMatter platform analyzes malicious traffic, including IRC, Tor, P2P, DNS, SSH, VPN, private IP and SOCKS proxies, assigned and unadvertised address spaces, among others. This covers the entire range of threats, and Norse crunches terabytes of data per day, and takes up to four years of historical data into account, to assign threat levels to provide a complete threat analysis.
Just from observing the attack traffic for a few minutes it quickly becomes apparent that the US is the biggest target, and the majority of attacks originate in China. With its 1.5 Billion IP addresses it makes sense that attackers focus on the US, but there are also numerous attacks that originate in the U.S. It is doubtful that all malicious traffic can be tracked. Many sophisticated groups, such as the NSA, are likely very adept at covering their activity.