This graph was generated by using psad in --CSV mode against the Honeynet Scan34 challenge iptables logfile (see http://www.honeynet.org/scans/scan34/). This shows outbound traffic from the Honeynet subnet 11.11.79.0/24, and clearly shown are suspicious connections from the host 11.11.79.67 to external SSH and IRC servers; these are good indications that the system has been compromised.