Figure 2.6 shows the top talkers on each of the networks. The goal is to see whether there are machines on the network that need special attention, either because they show up as targets of many attack attempts or because they seem to be unusual aggressors.
Figure 2.6: Top 10 sources (green nodes) originating behind source MAC address 00:00:0c:04:b2:33, i.e., events triggered by internal machines. The red nodes show the number of times the source shows up.
Figure 2.7: Top 10 targets (green nodes) in the external network targeted by machines situated behind MAC address 00:00:0c:04:b2:33. These are all the internally originating events targeting systems on the Internet. The red nodes show the number of times the target occurs.
Figure 2.8: Top 10 sources originating behind source MAC address 00:03:e3:d9:26:c0. These are the top 10 systems on the external network attacking internal machines. The red nodes show the number of times the source shows up.
Figure 2.9: Top 10 targets (green nodes) originating from source MAC address 00:03:e3:d9:26:c0. This shows the top 10 machines in the internal network targeted by external machines. The red nodes show the number of times the source shows up.
The ten machines in Figure 2.6 are machines on the internal network. There are potentially compromised systems, as already mentioned in Section 2.3. We will take a closer look at this in Section 3.3.
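The top-talker breakdown behind Figures 2.6 to 2.9 can be reproduced from event records, shown here as an added example that is not code from the original analysis. The record layout (source MAC, source IP, target IP), the sample events and the final cross-check of both lists are assumptions made for illustration; only the two MAC addresses come from the captions.

```python
from collections import Counter, defaultdict

# MAC addresses from the figure captions: the source MAC of an event tells
# which side of the monitored link the packet came from.
INTERNAL_SIDE = "00:00:0c:04:b2:33"  # events triggered by internal machines
EXTERNAL_SIDE = "00:03:e3:d9:26:c0"  # events triggered by external machines

# Constructed sample events (src_mac, src_ip, dst_ip); the tuple layout and
# all IP addresses are assumptions, not data from the original capture.
EVENTS = (
    [(INTERNAL_SIDE, "10.0.0.5", "198.51.100.7")] * 3
    + [(INTERNAL_SIDE, "10.0.0.9", "198.51.100.7")]
    + [(INTERNAL_SIDE, "10.0.0.5", "203.0.113.20")]
    + [(EXTERNAL_SIDE, "203.0.113.20", "10.0.0.5")] * 2
    + [(EXTERNAL_SIDE, "192.0.2.44", "10.0.0.5")]
    + [(EXTERNAL_SIDE, "203.0.113.20", "10.0.0.12")]
)


def top_talkers(events, n=10):
    """Per source MAC, return the n most frequent sources and targets."""
    sources = defaultdict(Counter)
    targets = defaultdict(Counter)
    for src_mac, src_ip, dst_ip in events:
        mac = src_mac.lower()  # normalise case so both sides group cleanly
        sources[mac][src_ip] += 1
        targets[mac][dst_ip] += 1
    return {
        mac: {"sources": sources[mac].most_common(n),
              "targets": targets[mac].most_common(n)}
        for mac in sources
    }


def aggressor_and_target(report):
    """Added cross-check: internal hosts that are both a top internal
    source (Figure 2.6 view) and a top external target (Figure 2.9 view)."""
    aggressors = {ip for ip, _ in report.get(INTERNAL_SIDE, {}).get("sources", [])}
    victims = {ip for ip, _ in report.get(EXTERNAL_SIDE, {}).get("targets", [])}
    return sorted(aggressors & victims)


if __name__ == "__main__":
    report = top_talkers(EVENTS)
    for mac, lists in report.items():
        for kind, rows in lists.items():
            print(mac, kind, rows)
    print("both lists:", aggressor_and_target(report))
```

Hosts returned by `aggressor_and_target` are candidates for the closer look, not confirmed compromises.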
Raffy
2004-12-20