Open Source Tools: Arbor Atlas
Arbor Networks is in the unique position of having touchpoints all over the Internet with its Peakflow system. It allows them to aggregate data on a global basis, making them best situated to see real-time attacks, threats, botnets, and worms on the Internet.
As a public service, they created ATLAS, the Active Threat Level Analysis System, and they allow the public to see the data. This is a great way to determine if attacks against your organization are targeted or just typical traffic on the Internet.
They publish frequent threat briefings and keep a running blog on emergent trends and threats. They show the top attacks detected on the Internet, not just the top scanned ports. For instance, at the time of this posting, they have detected a doubling of attempts to overflow the Symantec virus-scanning software, while SSH attacks have dropped by nearly half.
They also keep a running tab on the top attacking IP addresses so you can keep your router filters up to date. And if you want IP history on things that are not on the list, you can register (if you qualify) to dig into their database. And you can subscribe to their blog here.