Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

The Spinning Cube of Potential Doom

michael posted more than 10 years ago | from the wing-commander dept.

Security 161

An anonymous reader writes "This month's Communications of the ACM (does not seem to have a link to online text) has an article about The Spinning Cube of Potential Doom, a security visualization tool that I first saw at SC2003. The cube displays data from Bro along 3 axes and creates interesting visual results (port scans, barber poles, lawnmower). This definitely makes patterns in all that 'boring log data' jump out. This is a very interesting development, the ability to monitor in real time and replay historical security related information. Definitely a step towards the new types of tools we will need to secure hosts and networks."

cancel ×

161 comments

Sorry! There are no comments related to the filter you selected.

Is this cool? (0, Troll)

Hot Summer Nights (771962) | more than 10 years ago | (#9307487)

No, it's not.

The Modern Liberal (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9307489)

What It Means to be a Liberal.

The other day I found myself very puzzled.

I know what I believe, why I believe it, the philosophical foundations of my beliefs. I've studied everything from Karl Marx to Ludwig von Mises, from Friedrich Hayek to FDR, from Edmund Burke to Bertrand Russell, from Aristotle to Ayn Rand.

I understand modern conservative thought. I understand libertarian thought. I understand classical liberalism. What I can't begin to comprehend is modern liberalism. Maybe you can help me. As near as I can tell, to be a liberal:

You have to believe the AIDS virus is spread by a lack of funding.

IF there is a church that is valid, it has been pre-approved by the government.

You have to be against capital punishment but for abortion on demand ... in short, you support protecting the guilty and killing the innocent.

You have to believe that the same public school idiot who can't teach 4th graders how to read is qualified to teach those same kids about sex.

You have to believe that trial lawyers are selfless heroes and doctors are overpaid.

You have to believe that guns in the hands of law-abiding Americans are more of a threat than nuclear weapons in the hands of the Red Chinese.

You have to believe that global temperatures are less affected by cyclical, documented changes in the brilliance of the Sun, and more affected by yuppies driving SUVs.

You have to believe that gender roles are artificial but being gay is natural.

You have to believe that businesses create oppression and governments create prosperity.

You have to believe that hunters don't care about nature but pasty, fey activists who've never been outside Seattle do.

You have to believe that self-esteem is more important than actually doing something to earn it.

You have to believe there was no art before federal funding.

You have to believe the military, not corrupt politicians, start wars.

You have to believe the free market that gives us 500+ channels can't deliver the quality that PBS does.

You have to believe the NRA is bad, because they stand up for certain parts of the Constitution, while the ACLU is good, because they stand up for certain parts of the Constitution.

You have to believe that taxes are too low but ATM fees are too high.

You have to believe that Harriet Tubman, Cesar Chavez and Gloria Steinem are more important to American history than Thomas Jefferson, General Robert E. Lee or Thomas Edison.

You have to believe that standardized tests are racist, but racial quotas and set-asides aren't.

You have to believe second-hand smoke is more dangerous than HIV.

You have to believe Hillary Clinton is really a lady and Rosie O'Donnell is not really a man who is jealous of Tom Selleck.

You have to believe conservatives are racists but that black people couldn't make it without your help.

You have to believe that the only reason socialism hasn't worked anywhere it's been tried is because the right people haven't been in charge.

Looking back on my list, it seems shallow, muddled, contradictory, divorced of logic and a bit sadistic.

Well, then. If that doesn't describe the modern liberal, I don't know what does.

Re:The Modern Liberal (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9307787)

Yeah, I'll stick with everything on that list aside from the criticism of "Being gay is natural." It's still a mystery, but it does happen in animals (i.e. penguins, certain primates, dolphins), and it's supposed by some researchers that it's approximately 10% triggered by genetics and 90% by choice. Of course, there are those that just can't get aroused by the opposite sex, but can with the same sex, so maybe it's floating.

In other words, I'm pretty much conservative; but I still prefer to keep an open mind. Things like HIV and solar brilliance we can understand, but things like sexuality are beyond our current comprehension.

Also, "gender roles" are whatever a couple chooses them to be. If the woman wants to work, fine. If she wants to be a housewife, that's fine too. Nobody needs someone jumping up and yelling about how their "role" is a form of oppression, but they do need to choose what their role will be.

Yawn (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9307819)

here you go.

You have to believe the AIDS virus is spread by a lack of funding.
-This is true. Look at Africa's rate of infection. Now search for all the United States drug companies who refuse to lower the 400% American markup for the entire African continent.
We have the drugs, but Africa can't have them. Patents, you know.

IF there is a church that is valid, it has been pre-approved by the government.
-?

You have to be against capital punishment but for abortion on demand ... in short, you support protecting the guilty and killing the innocent.
-being against the death penalty is usually because the evidence is poor, many innocent people have been murdered by the state. DNA testing is changing this.

You have to believe that the same public school idiot who can't teach 4th graders how to read is qualified to teach those same kids about sex.
-you really shoud rephrase this into "idiots should not teach 4th graders about sex" in which most would agree.

You have to believe that trial lawyers are selfless heroes and doctors are overpaid.
-stupid

You have to believe that guns in the hands of law-abiding Americans are more of a threat than nuclear weapons in the hands of the Red Chinese.
-this is a stupid, false analogy.

You have to believe that global temperatures are less affected by cyclical, documented changes in the brilliance of the Sun, and more affected by yuppies driving SUVs.
-read the data.

You have to believe that gender roles are artificial but being gay is natural.
-post feminism has answered this critique, you arr a little late.

You have to believe that businesses create oppression and governments create prosperity.
-more free market versus socialism nonsense. Liberal is synonomous with progressive, not socialist.

You have to believe that hunters don't care about nature but pasty, fey activists who've never been outside Seattle do.
-you have a point, although Seattle is very near many large swaths of pristine wilderness. I have a feeling most people in Saettle are familiar with the nastural environment, first hand.

You have to believe that self-esteem is more important than actually doing something to earn it.
-this is to vague to reposnd to.

You have to believe there was no art before federal funding.
-stupid

You have to believe the military, not corrupt politicians, start wars.
-does not make sense. Politicians always start the wars.

You have to believe the free market that gives us 500+ channels can't deliver the quality that PBS does.
-1 to 5 major media monopolies is not the free market.

You have to believe the NRA is bad, because they stand up for certain parts of the Constitution, while the ACLU is good, because they stand up for certain parts of the Constitution.
-you have a point also.

You have to believe that taxes are too low but ATM fees are too high.
-Corporations pay only %10 of the federal tax in America. In 1955, they paid more than %50. Do you think a 10% tax rate is too low for corporations, while your white lower middle class ass is paying 35%?

You have to believe that Harriet Tubman, Cesar Chavez and Gloria Steinem are more important to American history than Thomas Jefferson, General Robert E. Lee or Thomas Edison.
-stupid

You have to believe that standardized tests are racist, but racial quotas and set-asides aren't.
-racial quotas are related to race, and you have a point here.

You have to believe second-hand smoke is more dangerous than HIV.
-Conservative insurance companies are the strong hand behind the smoking bans.

You have to believe Hillary Clinton is really a lady and Rosie O'Donnell is not really a man who is jealous of Tom Selleck.
-stupid.

You have to believe conservatives are racists but that black people couldn't make it without your help.
-Strom Thurmond was a rascist. Google Dixiecrat sometime. Many black people still dont make it.

You have to believe that the only reason socialism hasn't worked anywhere it's been tried is because the right people haven't been in charge.
-liberals aren't socialists.

Security is only one possible area for innovation (5, Interesting)

CreamOfWheat (593775) | more than 10 years ago | (#9307500)

When the eventual goal of having this data displayed in a real time setting the applications of usefulness will be startling. Data that had to be updated manually during the conference, will be available to researchers to do tci-square analysis to approximate the optimum network efficencies. Even use in the business sector and th ability to analyze huge databases will be quite amazing, although at least a half-decade down the road. Besides the primary educational aspect of the Cube, the secondary goal of the Cube will see fruition as to how investigate new techniques in visually analyzing network traffic and also to develop a tool that would potentially assist those involved with computer security. Really fascinating stuff.

Re:Security is only one possible area for innovati (4, Funny)

Laxitive (10360) | more than 10 years ago | (#9307737)

Besides the primary educational aspect of the Cube, the secondary goal of the Cube will see fruition as to how investigate new techniques in visually analyzing network traffic and also to develop a tool that would potentially assist those involved with computer security.

Yes. The Cube knows all. It will make everything all right again. The Cube has been sent to help us. We must trust the Cube.

All hail the Cube.

-Laxitive

Sorry, absolutely nothing of value to add to this. I just liked the way you referred 'the Cube' using proper-noun capitalization, and spoke of it as a single entity.

In Rod We Trust (2)

runlvl0 (198575) | more than 10 years ago | (#9308169)


All hail the Cube.

from "Deep Space Homer" [snpp.com]
Buzz: Homer Simpson was the real hero here. He jury-rigged the door closed using this.
Man 1: Hey, what is that?
Man 2: It's an inanimate carbon rod!
Everyone: Yay!

Time magazine cover: "In Rod We Trust"

Re:In Rod We Trust (1)

Laxitive (10360) | more than 10 years ago | (#9308577)

Man, I knew I was getting that from _somewhere_. I just couldn't remember where.

The Simpsons have infected my mind more than I can reasonably be comfortable with.

-Laxitive

Re:Security is only one possible area for innovati (1)

lawngnome (573912) | more than 10 years ago | (#9308055)

Another innovation I can see is hooking this kind of tool up to network aware objects, like those little spheres that change colors.

I can see it now...
admin: "oh crap the ball on my desk just turned red, Ill have to call you back..."

Re:Security is only one possible area for innovati (1)

Croaker-bg (784660) | more than 10 years ago | (#9308485)

Is it possible this could also be the solution to identifying the problem of auditing user groups on a system where the groups are nested? Select a file or directory and then have the magic cube display in 3 dimensions the access of a user based on amount of potential privilege with each associated group. The more privilege you have the closer to the center. This has always been such a pain as a security auditor to have to pick through spreadsheet after spreadsheet on poorly managed systems to see if a nested user has group access to something. Would be nice to do a quick find of everything and feed the cube the results. Put on your magic glass and poof ... you can now see who can touch your goodies!

Too bad... (4, Funny)

kdougherty (772195) | more than 10 years ago | (#9307504)

Too bad Cisco didn't have this a couple weeks ago when they needed it!

dude! (5, Funny)

eegad (588763) | more than 10 years ago | (#9307521)

I live in the spinning cube of potential doom. At least that's what my co-workers call it.

protect-o (1)

eegad (588763) | more than 10 years ago | (#9307688)

In fact, I was just talking to a coworker earlier about my new product idea. They need sanitary cube covers like those half ply protect-o toilet seat rings to protect the next victim from my blood, sweat and tears.

Re:dude! (3, Funny)

orthogonal (588627) | more than 10 years ago | (#9307829)

I live in the spinning cube of potential doom. At least that's what my co-workers call it.

It sounds like something "Robert S." [wikipedia.org] Rumsfeld would use to "persuade" "designated terrorists" in Abu Ghraib to talk.

I guess the use of "potential" in the title reminds me of so-called "Rumsfled Poetry" [wikipedia.org] :
"As we know,

There are known knowns.
There are things we know we know.
We also know
There are known unknowns.
That is to say
We know there are some things
We do not know.
But there are also unknown unknowns,
The ones we don't know
We don't know."
--Rumsfeld, at a February 12, 2002, Department of Defense news briefing

Re:dude! (1)

tunabomber (259585) | more than 10 years ago | (#9307909)

Spinning, eh? That shouldn't be. Perhaps they should take away your swiveling chairs.

to the tune of yellow submarine... (1)

eegad (588763) | more than 10 years ago | (#9307928)

We all live in a spinning cube of doom!

(sorry, I'm infatuated with this phrase at the moment)

Spinning Cube of Doom? (5, Funny)

stratjakt (596332) | more than 10 years ago | (#9307526)

Sounds like the Time Cube. [timecube.com]

But then, you stupid ignorant mind-traitors cant understand time cube having been manipulated by your word god.

Re:Spinning Cube of Doom? (1, Funny)

Anonymous Coward | more than 10 years ago | (#9307592)

I'd rather just play GameCube.

Re:Spinning Cube of Doom? (1)

AnonymousTravis (775517) | more than 10 years ago | (#9307913)

Until they come out with the Spinning Cube of Certain Doom, I'm not even going to waste my time.

Re:Spinning Cube of Doom? (1)

jayhawk88 (160512) | more than 10 years ago | (#9308141)

Still the greatest webpage on the Internet.

Need new tool (5, Funny)

nizo (81281) | more than 10 years ago | (#9307531)

Now we need tools that scan in a pattern that causes little devil faces to appear inside the cube, just to freak the sysadmin out. Words could be fun too.

Re:Need new tool (1)

garcia (6573) | more than 10 years ago | (#9307615)

just hook this thing up to the fBSD webserver when it is posted on /.

Two birds with one stone.

Disappointment... (5, Funny)

The Human Cow (646609) | more than 10 years ago | (#9307539)

Man, when I heard it could display data along 3 axes I was hoping for a error message featuring a little projection of somebody saying "Help me Obi-Wan Kenobi, you're my only hope."
Sad.

Re:Disappointment... (1)

Too Much Noise (755847) | more than 10 years ago | (#9308320)

Then your neighbor Ben Kenobi would smack you with a DMCA-style lawsuit for unauthorized interception and decryption of a private message. On Earth, you're better off without it ^_^

Can anyone explain the data we're seeing? (2, Insightful)

Goobermunch (771199) | more than 10 years ago | (#9307543)

Okay, so I see the pretty pictures, but what do they mean. Can anyone explain how to interpret that data?

--AC

Re:Can anyone explain the data we're seeing? (1)

Goobermunch (771199) | more than 10 years ago | (#9307640)

Okay, I'm a tool. It helps if you click on all the links in the post, not just the pictures. I thought it was weird when I saw the cube picture twice . . . .

--AC

Re:Can anyone explain the data we're seeing? (1)

entrager (567758) | more than 10 years ago | (#9307706)

I think this goes without saying: RTFA.

But for the lazy. The vertical axis is port and the horizontal axis is IP. So the vertical line is a port scan, a horizontal line is a scan across all IPs for a specific open port. The "barber pole" scans show an interesting technique in which a scan increments both IP and port with each attempt, obviously in order to fool detection mechanisms. The "lawnmower scan" is a multi-IP port scan, which creates a rectangle.

Re:Can anyone explain the data we're seeing? (4, Informative)

upside (574799) | more than 10 years ago | (#9307732)

It sets three variables onto three axes to show network traffic between your network and the net:

1) Your IP range
2) The entire IP range
3) Destination port

It's useful for things like picking up semirandom port scans that you might not detect based on textual data (see "barber poles").

Entire para:

"The Cube takes this connection information stored in the Bro files and displays it in a graphical format which can be more readily understood by people who are unfamiliar with networking and computer security techniques. The 'X' axis of the display (shown in red) represented the SCinet address space, which ranged from 141.221.128.0 - 141.221.255.255. The 'Z' axis (shown in blue) represented all possible IP address space (0.0.0.0 - 223.255.255.255). Multicast traffic (224.0.0.0 and above) was not displayed. The 'Y' axis (shown in green) represented the port number number (0-65535). Some well known port numbers include 22 (ssh), 25 (smtp), 80 (http). "

One of the best Cubes (0)

Anonymous Coward | more than 10 years ago | (#9307544)

is this Cube [netflix.com] .

Re:One of the best Cubes (1)

DrMrLordX (559371) | more than 10 years ago | (#9307771)

This [imdb.com] is not the best Cube.

Re:One of the best Cubes (1)

ajlitt (19055) | more than 10 years ago | (#9307895)

Nah, it's this Cube [imdb.com] .

Does this have to do with (2, Funny)

BodyCount07 (260070) | more than 10 years ago | (#9307549)

this [pon.net] cube of doom?

No, it has to do with.. (3, Funny)

Conspiracy_Of_Doves (236787) | more than 10 years ago | (#9307969)

this one [scifilm.org]

bah (2, Funny)

mrtroy (640746) | more than 10 years ago | (#9307552)

This is old news.

Security companies are just reacting to Swordfish...which used the opposite tool...it was spinning cubes that joined together when you successfully exploited the system.

Re:bah (2, Funny)

DoctorDeath (774634) | more than 10 years ago | (#9307603)

Swordfish brought to life was my first thought. A poor graphic representation of programmers code is now a reality. What's next flip open communicators? Oh wait...

Uuuuh, swordfish! (1)

SoTuA (683507) | more than 10 years ago | (#9307607)

uuuh, swordfish!

I want my n-monitor system with that funny IDE that lets you code exploits with on-screen spinning lego and gets you fine wines and a hot babe like Halle Berry.

Re:Uuuuh, swordfish! (1)

QuijiboIsAWord (715586) | more than 10 years ago | (#9307698)

Will you settle for lincoln logs, a 6-Pack of beer and a skank? If so, you can just get an e-Machine.

HALLE BERRY LIEKS TEH CHILLI! (-1, Troll)

Anonymous Coward | more than 10 years ago | (#9307964)

I liek a woman who can FART!! [teenhollywood.com]

I wonder.... (4, Insightful)

telstar (236404) | more than 10 years ago | (#9307559)

Wonder if they've got one of these monitoring DOS attacks now that they've been posted on Slashdot.
Here's [nersc.gov] the 31 meg AVI if you want to make it spin faster.

Re:I wonder.... (2, Informative)

itwerx (165526) | more than 10 years ago | (#9308456)

Here's the 31 meg AVI if you want to make it spin faster.

Link is dead already (they yanked the file). :(

If this continues... (4, Interesting)

Kirijini (214824) | more than 10 years ago | (#9307561)

If this becomes a trend, and "Secutiry Visuallization Tools" become widespread... then people will begin to say that movies like Hackers and such were just "before their time."

Do we really want that?

Re:If this continues... (4, Interesting)

TigerNut (718742) | more than 10 years ago | (#9307918)

It's pretty inevitable. There will always be extensions to today's technology, and likewise there will be visionaries (authors and screenwriters) who will try to imagine what that extended technology will look like and what it will feel like to use it. The visual scanning is pretty cool. What if you took a port-access logger output and assigned to each port a particular note, duration, or loudness? You'd hear white noise for the most part, but any nonrandom access would quickly be evident as a chirp, whistle or popping.

Re:If this continues... (1)

0x0d0a (568518) | more than 10 years ago | (#9308461)

I remember when I used to think that people would be driven nuts by stupid, unnecessary animations all over their desktop. Well, *I* still am, but there are plenty of people that use Aqua.

Of course, Apple didn't put in "per keystroke sounds", so maybe it isn't as bad as one would think.

OTOH, Aqua+AIM with clicky keystroke mode enabled *is* equivalently annoying.

Doom4Dogs (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9307567)

This message brought to you by the National Association for Humane Action for

Dogs and the Euthenasia for Canus Familourous Association. Gadgets For The

Elimination Of Dogs is announcing a BRAND NEW product designed to exterminate

canine pests of all sizes. Our economical K9Zap product retails for just

$49.95 and takes only 2 seconds for a 60 lb dog. Our $5 bakers chocolate

will kill up to 500 lbs of dog per package!

Gadgets For The Elimination Of Dogs is a division of ECFA (Euthenasia for Canus Familourous Association). The GFTEOD/ECFA would like you to do one thing - KILL A DOG. By KILLING A DOG, you will ELIMINATE one USELESSLY RESPIRATING animal from this planet. Are you TIRED of having your TAXES increased? Humane Societies cost our country over $100 million annually. By eliminating DOGS, this money can EDUCATE OUR KIDS. OVERPOPULATION of DOGS is RAPANT in this country. Take a stand! Help rid this INFESTATION. KILL A DOG

TODAY!!!!

Have you ever stepped in DOG DOO-DOO [k9treat.com]

Are you MAD? [apa.org]

Do you KILL DOGS? [friendsofdogs.net]

Are you a MAD DOG KILLER? [k911emergencies.com]

If you answered "YES" to any of the above questions the ECFA (Euthenasia for Canus Familourous Association) is for you! Why change your sexual lifestyle or change your skin color to join an EVIL ORGANIZATION when you can simply INCREASE OUR SUPPLY OF O2! Did you know that DOGS turn BENEFICIAL O2 into CO2 simply to gain their energy to bark, drool, and howl? They ACTUALLY BOND their carbon TO OUR OXYGEN SUPPLY!!! One dog can waste 2 moles of O2 PER HOUR! This country has MANY UNWANTED, ABANDONED DOGS that WE ARE PAYING MONEY TO KEEP ALIVE. We are FEEDING them our food supply while making the homeless STARVE! By using a Dog Killing Gadget, a dog can be turned into beneficial food, helping us all. We let children go hungry yet feed our **UNWANTED** dogs like royalty.

Do you own a dog? Are you tired of its mess? Then get it euthanized. Euthanasia is a painless way for a dog to... terminate. However, it can be too expensive to buy these drugs for the LARGE NUMBER of DOGS in the HUMANE

SOCIETIES. It is thus proposed that these dogs be turned into food for the homeless.

WANT TO SUPPORT THE ECFA? Simply form picket lines around your nearest humane society or gain a FIRST POST on /. to join our club. If you have MOD POINTS and would like to support the ECFA, moderate this post UP.

==This post brought to you by proud dog killer PickaBu on EFNET.

Working in a cube farm is hard enough (2, Funny)

Anonymous Coward | more than 10 years ago | (#9307582)

Now I have to figure out how to get in and out while it's spinning?

And it's a good damn thing I've got a wireless LAN connection, so my cat5 cable won't get all twisted up.

Re:Working in a cube farm is hard enough (2, Funny)

MissTuxie (722948) | more than 10 years ago | (#9307666)

You're complaining? Try to get out of the... HYPERCUBE!! [imdb.com]

Re:Working in a cube farm is hard enough (0)

Anonymous Coward | more than 10 years ago | (#9307736)

HELP! HELP!.. I Am all bound up in my network / Phone cables.. HELP!

On another thought ... a spinning cube would that count the spins from drinking to much???

Irken? (1)

Kenshin (43036) | more than 10 years ago | (#9307595)

The Spinning Cube of Potential Doom?

That sounds like a tool used by the Irken Armada.

Re:Irken? (0)

Anonymous Coward | more than 10 years ago | (#9308134)

it's zim's newest plan to get rid of dib. it has the potential to spell doom for dib if dib doesn't spin it just right.

I beg to differ (5, Insightful)

broothal (186066) | more than 10 years ago | (#9307601)

"Definitely a step towards the new types of tools we will need to secure hosts and networks."

I'm sorry, but I do not agree. While it makes it easy to visually detect intrusion attempts, it is of no use in the daily life of a BOFH. I have the responsibility of quite a number of machines. Most of the time, they don't require attention. So I don't pay them any. Then, once in a while, something extraordinary is happening, and I'm being alerted by an automatic monitoring system. That means I can use my day on all the important things (like hanging out on IRC etc). Visualizing network intrusion attempts is cool, but it's not a tool for me.

Re:I beg to differ (1)

dashersey (751215) | more than 10 years ago | (#9307697)

What about attacks that *don't* produce extraordinary behavior but might be visible in the logs with the right filter (visualizer?)

Kind of like the shadowy figure snooping through the halls while the security guard dozes at the monitor. The alarms are only going to ring if he lobs a grenade....

The human mind: A better monitoring system? (4, Interesting)

zipwow (1695) | more than 10 years ago | (#9307782)

I think the point of this interface is that the data is more easily interpreted, allowing the human-user to notice patterns that automated scripts would miss. This could be done either in real time, or as a visualization tool for historical files. The latter usage seems like it would be of interest if you're trying to determine the source of a break-in.

For real-time monitoring, your point about mutliple systems is very valid, but what if this approach could be scaled up to allow you to visually inspect the whole system for a number of problems? Perhaps an entire array of cubes, each for a subnet or an individual system, focusing on those that pique your interest.

This idea may be able to mesh with the glanceable objects [wjla.com] idea (just the idea, not their chicken egg specifically). If it is informative enough, it could allow you to periodically check some aspects of your whole system for things that you either can't write scripts to do, or don't have time to write scripts for.

-Zipwow

Re:The human mind: A better monitoring system? (2, Interesting)

Danny Rathjens (8471) | more than 10 years ago | (#9308373)

Precisely. Using the human mind as a filter is the whole point. There is also a project called peep [auralizer.com] that does this with sound.
Peep - Allows real-time aural monitoring of network information Peep aims to represent network information in real-time (and therefore eliminate searching through large logs of information to find problems) by using sound to represent the vast amount of available information about network status and to help identify network problems and irregularities.
The project looks a bit stalled, but it's still a really cool idea. You could probably find some stories about it in /. archives too, ;) I thought it was neat that apparently nasa follows this philosophy with sounds for astronauts to filter/interpret on the space shuttle.

Re:The human mind: A better monitoring system? (1)

wolfbane01 (648611) | more than 10 years ago | (#9308592)

Reminds me of the movie Contact, wherein Jodie Foster's character felt that she could do better at listening to patterns in static then a whole bank of specialized machines could. Point being this is a very interesting system, but would it really be of any use to an admin who would have to sit and stare 24/7/365 at the display?

Why not put together an audio interface to the Bro system so you could hear when there were problems? It would certainly be a heck of a lot less disruptive.

Re:I beg to differ (5, Insightful)

Minwee (522556) | more than 10 years ago | (#9307800)

The daily life of most admins include something called "Talking To Managers".

Having a shiny toy with brightly coloured lights on it is a vital part of that excercise for many of us. We NEED this. We NEED it to have the Fisher-Price logo on it and play short musical bits when you push on the buttons. We NEED to be able to say "Here is a pretty picture. You like pretty pictures, don't you? The brightly coloured parts show bad people. Oooh, brightly coloured. Look at the picture. Do you like the picture? Good, now there are a few things we need to discuss about next year's budget..."

Automated monitoring systems that handle problems for you make you (and themselves) look unnecessary. Pretty pictures with lights can be used to show everybody you work for just how important you really are.

What's the use for detecting port scans? (1)

upside (574799) | more than 10 years ago | (#9307933)

I wonder about this sometimes. There are so many port scans and intrusion attempts they aren't worth getting you knickers in a twist about. All the non-necessary ports are blackholed anyway.

What I do worry about are the connections that take place with actual open services. They are the ones that ought to be monitored for foul play. Log checkers and proactive HTTP request sanitizers are more use there.

Re:I beg to differ (0)

Anonymous Coward | more than 10 years ago | (#9308213)

This visualizer doowacky is a supliment to other network monitoring systems. you could have an old computer with a small monitor that only displays the cube. a glance at the cube could alert you to something happening. or your automatic monitoring system tells you somethings happening but you can't figure out where, so you look at the cube for a minute. I dislike the whole "here's a new thing that looks like it will replace my old tools and won't let me work thing" mentality. old + new = nolewd

Re:I beg to differ (1)

DanielMarkham (765899) | more than 10 years ago | (#9308229)

I agree that this is so much nonsense.

Speaking as someone who just had to create a representation of multidimensional data, guess what? People want little smiley faces, not the spinning Octabhedron of Eternal Sunshine, or whatever.

The human mind can only process so much information. I've found that once you go into 3-D, unless it represents some other, more familiar 3-D object the brain can recognize, it's just so much noise. But very pretty noise.

Re:I beg to differ (1)

joyof (702747) | more than 10 years ago | (#9308554)

The human sense/processing system includes an amazing pattern-recognition ability. A brief survey or current computational efforts in pattern recognition very quickly illustrates this. Consider face or speech recognition. These are not trivial tasks, and yet very specialized systems in our biology perform them (more or less) instantly, without conscious effort. Or consider a game of chess. Fast computers can calculate all positions five or ten moves away; humans can see sequences of as many moves along certain lines of play--based on observed patterns in the game.

Human perception and processing systems have millions of years--stretching back into the mammalian systems we've built on--of pedigree within them. I am personally loathe to discount them in favor of automated scripts.

I think that finding ways of presenting data in forms that capitalize on human pattern recognition is a fantastic idea, and that more work should be done in the area.

Just like in Tron! (2, Funny)

beatleadam (102396) | more than 10 years ago | (#9307637)

The cube displays data from Bro along 3 axes and creates interesting visual results (port scans, barber poles, lawnmower).

"So Cube...do you see anyone invading us from the 201.163.x.x range?" "YES"

"That's Tron. He fights for the Users."

virtual ICE? (4, Interesting)

dashersey (751215) | more than 10 years ago | (#9307642)

This is evocative of william gibson's concept of ICE -- in a massively distributed computing environment with a direct-brain virtual-reality interface as primary, you interact with security systems visually.

They appear as complex crystalline structures with no obvious holes other than the known authentication interfaces.

Those who hack/defeat them are called "icebreakers" and they use software which has its own visual attack signature to distract or deflect(overload/DNS attack) the ice or to find hidden cracks (exploits)

Visionary stuff (pun partially intended).

Re:virtual ICE? (3, Informative)

scrytch (9198) | more than 10 years ago | (#9307924)

Give Gibson's work another read: it's just the "cowboys" who got an interface that direct, it required very expensive and specialized neurosurgery to install, and it required quite a bit of special firmware to create the visualizations, some of which would probably have been simply visual flair ala "skins", perhaps created in order to harness psycological reactions to perception (e.g. make the stuff you scan as "dangerous" look really baaaad) .

He also mentions that ordinary people got something a good deal more pedestrian, more like the Metaverse than Gibson's Matrix (or as we might say now, more like the Matrix than the funky green overlay Neo got ... I'd stay away from using those movies for parallels tho).

Re:virtual ICE? (2, Insightful)

James Lewis (641198) | more than 10 years ago | (#9308551)

I disagree. Gibson's whole description of icebreaking was interesting science fiction, rather than something that was really attempting to make an informed guess on how future computer systems would work. For one thing, users could be killed by the security systems through their connection. It seems increadibly unlikely to me that this would ever occur, since any system connected to the internet should be able to handle disconnections, and so one could be produced on purpose the moment trouble showed up. But obviously, it made for a much more exciting plot. The same goes for the visual stuff, it's a lot more interesting than someone spending days maticulously banging away at a system. Gibson's a great author, but I think it silly to give him credit for things he obviously didn't intend in his books. By is own admission, Gibson is no techie [philly.com] . He writes fiction, and trying to pull deeper meaning (or predictions of the future) out of it is a waste of time.

what a great name (3, Interesting)

surreal-maitland (711954) | more than 10 years ago | (#9307643)

it looks like a great tool for ferretting out new styles of attack, even though it's use to an individual trying to protect his/her network is rather limited. the automated system that someone else mentioned sounds much more useful.

This sounds like (-1)

Anonymous Coward | more than 10 years ago | (#9307700)

some kind of high tech magic 8 ball to me. Constantly telling me to "try again later".

check out the video! (1)

spoonyfork (23307) | more than 10 years ago | (#9307751)

Re:check out the video! (1)

upside (574799) | more than 10 years ago | (#9307809)

Like a 3D spectrum analyzer! Now we just need a sound generator that produces music from the data.

If it's leisurely elevator music you're all hunky dory but if it escalates to 200bpm hardcore acid techno you know you're fucked.

Re:check out the video! (2, Informative)

JebuZ (565392) | more than 10 years ago | (#9307931)

Same thing [akamaitech.net] , but hosted by Akamai9 (faster).

If only I had this when... (2, Funny)

teamhasnoi (554944) | more than 10 years ago | (#9307759)

I was hacking teh Gibson, *I* would have gotten in Acid Burn's undies. :(

Oh no! (1)

Deaden (649643) | more than 10 years ago | (#9307764)

The Borg finally have the technology from The Last Starfighter! We are doomed!

I wonder... (3, Funny)

daemonc (145175) | more than 10 years ago | (#9307765)

I wonder what the 3D graph of a Slashdotting looks like...

Re:I wonder... (3, Funny)

aliens (90441) | more than 10 years ago | (#9307925)

Actually it's not so much a 3D graph as it is a flatline of the server's heartbeat.

Re:I wonder... (1)

tntguy (516721) | more than 10 years ago | (#9308026)

Possibly something like this [66.102.7.104] .

That's a Google Cache link for those not keeping track.

Remember! (5, Funny)

telstar (236404) | more than 10 years ago | (#9307786)

Warning: Pregnant women, the elderly and children under 10 should avoid prolonged exposure to the Spinning Cube of Potential Doom.
Caution: the Spinning Cube of Potential Doom may suddenly accelerate to dangerous speeds.
the Spinning Cube of Potential Doom Contains a liquid core, which, if exposed due to rupture, should not be touched, inhaled, or looked at.
Do not use the Spinning Cube of Potential Doom on concrete.

Discontinue use of the Spinning Cube of Potential Doom if any of the following occurs:
Itching
Vertigo
Dizziness
Tingling in extremities
Loss of balance or coordination
Slurred speech
Temporary blindness
Profuse sweating
Heart palpitations

If the Spinning Cube of Potential Doom begins to smoke, get away immediately. Seek shelter and cover head.
the Spinning Cube of Potential Doom may stick to certain types of skin.

When not in use, the Spinning Cube of Potential Doom should be returned to its special container and kept under refrigeration...

Failure to do so relieves the makers of the Spinning Cube of Potential Doom, Wacky Products Incorporated, and its parent company Global Chemical Unlimited, of any and all liability.

Ingredients of the Spinning Cube of Potential Doom include an unknown glowing substance which fell to Earth, presumably from outer space.

the Spinning Cube of Potential Doom has been shipped to our troops in Saudi Arabia and is also being dropped by our warplanes on Iraq.

Do not taunt the Spinning Cube of Potential Doom.

the Spinning Cube of Potential Doom comes with a lifetime guarantee.

the Spinning Cube of Potential Doom

ACCEPT NO SUBSTITUTES!

Re:Remember! (3, Informative)

delus10n0 (524126) | more than 10 years ago | (#9308168)

At least give credit where credit is due [wikipedia.org] !

Re:Remember! (1)

telstar (236404) | more than 10 years ago | (#9308298)

Sorry ... I assumed everybody was aware of Happy Fun Ball...My Bad.

SGI did this years ago (3, Interesting)

green pizza (159161) | more than 10 years ago | (#9307814)

Back in the "what possible use would anyone have for 3D?" days, Silicon Graphics made gobs of 3D utilities such as this. Many exist today as viewers for their (awesome) Performance CoPilot system for IRIX and Linux. Over time they learned that most admins perfer text most of the time. But man, fddivis on a large monitor sure does make the NOC look way more productive to the suits!!

They even had a 3D intra-website link manager at one time!

Video of the cube in action (0, Redundant)

SassyDave (557868) | more than 10 years ago | (#9307821)

See the cube in action here [nersc.gov] .

Cube... confusion (1)

mauthbaux (652274) | more than 10 years ago | (#9307870)

From the title, I made the quick assumption that this was either talking about the borg from star trek (quite confusing) or some variation on the rubik's cube, (which has baffled people since it came out). I was quite surprised to see security software instead (which is inherently confusing for almost everyone except slashdotters)...

And I quote: (0)

Anonymous Coward | more than 10 years ago | (#9307874)

"Code is currently not available, sorry!. I plan on releasing the source as soon as I get a version that is more polished."

release early and often, Im certainly not going to use something that claims to be a "security" tool if I cant view the source to see for myself just how "secure" it is. the whole point of having an open source community is so others can help you polish that code for later releases.

"put the [code] on the floor and back away slowly, sir. we can take it from here :)"

Re:And I quote: (1)

0x0d0a (568518) | more than 10 years ago | (#9308402)

release early and often, Im certainly not going to use something that claims to be a "security" tool if I cant view the source to see for myself just how "secure" it is.

No, see, it's a private joke. The "Spinning Cube of Impending Doom" roots your network operations center, thus resulting in your doom.

Gleming the cube (0, Offtopic)

Orion Blastar (457579) | more than 10 years ago | (#9307875)

those web sites didn't work. The urls have been Slashdotted already.

Want to destroy a site's bandwidth, post a URL to it on Slashdot. :)

Re:Gleming the cube (2, Funny)

k98sven (324383) | more than 10 years ago | (#9308072)

those web sites didn't work. The urls have been Slashdotted already.

Yup. And they're .gov top domain!
Given the PATRIOT act, does this mean we're all terrorists now?

I'll get the "Free Taco!" campaign started right now, just in case. We can only hope the general public will misunderstand.

(I'm hungry, so?)

Spinning cube of death (0)

Anonymous Coward | more than 10 years ago | (#9307889)

would sound more interesting. The spinning cube
of potential doom sounds like a Humvee on an
icy road.

Missing the point? (4, Funny)

Hythlodaeus (411441) | more than 10 years ago | (#9307892)

Did someone just discover that data can be graphed? What is the innovation here?

Re:Missing the point? (1)

telstar (236404) | more than 10 years ago | (#9308090)

"Did someone just discover that data can be graphed? What is the innovation here?
  • Shhhhh! Hear that? It's the sound of the big hand hitting the 3.

Someone discovered logfiles can be graphed (0)

Anonymous Coward | more than 10 years ago | (#9308311)

And what's more, that they can be graphed in a way that leaves human-recognizable patterns. That sounds pretty innovative to me. It's like discovering that you can distinguish a Beethoven composition from a Bach because the Bach tastes more like mango.

in soviet russia... (-1, Troll)

ph4s3 (634087) | more than 10 years ago | (#9307905)

we saw this back in the early 90s in a documentary named "h4ck3r5".

all your cube are belong to us.

Boon to social engineers! (5, Funny)

stratjakt (596332) | more than 10 years ago | (#9307927)

Got some slick, nobody's fool sysadmin you need to get past?

Well, cook up a portscan that will look like a giant, spinning Mr Goatse, or some racial slurs, etc..

Boss walks past, geek gets fired, replaced by bosses moron nephew who is more than happy to give you the keys to the server when you call and identify yourself as the Hamburglar.

The borg (1)

British (51765) | more than 10 years ago | (#9307940)

Reminds me of the "screen display" system teh Borg had in ST:TNG. They had several external images of the starship battles arranged on a rotating cube. Fits their ship.

I wonder... (1)

jmrobinson (660094) | more than 10 years ago | (#9307950)

I bet they didn't think of the potential doom of getting posted on slashdot. What would the cube look like as they are getting slashdotted? I'm thinking implosion would be cool...

the first rule of Spinning Cube of Potential Doom (1)

ph4s3 (634087) | more than 10 years ago | (#9307970)

...is don't talk about Spinning Cube of Potential Doom. You must now be punished for breaking the first rule.

Old stuff, new usage (4, Interesting)

bellwould (11363) | more than 10 years ago | (#9307989)

Visible Decisions (acquired by Visual Insights in 2000) has been doing graphical visualization for 15 years - check this [advizorsolutions.com] out for a demo.

This and the orb? (3, Interesting)

novakane007 (154885) | more than 10 years ago | (#9308142)

Remember the ambient orb [ambient411.com] ?
Thinkgeek used to sell them, but I couldn't think of something I would find it useful for. This would be perfect. Just have a globe on your desktop that changes colors based on the data provided by the cube matrix. If the orb starts turning crimson, you know that that your network is in need of administrative attention.

It's interesting, alright - to HOLLYWOOD... (3, Funny)

Digital Avatar (752673) | more than 10 years ago | (#9308159)

...I can see it now:

I know this... this is UNIX!

Would you like to play a game>

Data visualization using Strange Attractors (4, Interesting)

freelunch (258011) | more than 10 years ago | (#9308192)

About 18 months ago, Slashdot posted an article The Black Ops of TCP/IP: Paketto Keiretsu 1.0 Release [slashdot.org] with a nice collection of unconventional networking tools.

Included was a very cool tool, Phentropy, for visualizing arbitrary data using Strange Attractors. You may recall a paper [coredump.cx] on TCP/IP Sequence number analysis that highlighted the usefulness of Strange Attractors for data visualization.

Phentropy plots an arbitrarily large data source (of arbitrary data) onto a three dimensional volumetric matrix, which may then be parsed by OpenQVIS [sourceforge.net] . Data mapping is accomplished by interpreting the file as a one dimensional stream of integers and progressively mapping quads in phase space.

OpenQVIS is a neat package and could fill a lot of arbitrary data viz needs.. But damned if I have been able to get the thing to build under Linux. The project could really use some help, and I think a lot of good could come of it. The Phd types [uni-erlangen.de] who wrote it seem to have mostly moved on..

What a pity it will not be useful for too long... (4, Funny)

PaulBu (473180) | more than 10 years ago | (#9308193)

... After all the $$M spent on cute visualization and PR promotion of the technology, evil authors of port-scanners just add two lines:

pseed=urand(); iseed=urand(); /* this */
for(port ...)
for(ip ...){
port ^= pseed; ip^=iseed; /* and this */
probe(ip,port);
}

or use some fancier one-to-one mapping and the dots in your cube are again "random" to the naked eye.

(On a side note, why whoever implemented that "barberwire"-producing scanner did not do this at the time, I can not understand).

Paul B.

How does it depict (0)

Anonymous Coward | more than 10 years ago | (#9308284)

when you have been /.ed? (As it seems to be right now)

Re:How does it depict (1)

IMarvinTPA (104941) | more than 10 years ago | (#9308453)

It should be a nice line in the z-axis, basically representing all the IPs on the internet hitting the same port on the same machine.
It should be unique, but cool.

IMarv

saw it as SC2003 as well... (2, Funny)

painehope (580569) | more than 10 years ago | (#9308342)

I busted out my laptop and sat down and started port-scanning some friendly IPs in front of the screen, only to be disappointed that I'd have to wait something like 10 minutes to see my spray coming out.

It was still pretty cool, and I'm sure half of the traffic on it was people like who kicked off port scans just to see themselves on the screen ;p
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>