
maltrail: Detects malicious network traffic

11/06/2020 09:00 by Anastasis Vasileiadis

Maltrail is a malicious traffic detection system that uses publicly available (black)lists of malicious or generally suspicious "trails", together with static trails compiled from various AV reports and custom user-defined lists. A trail can be anything from a domain name, URL or IP address to an HTTP User-Agent header value.

It also uses advanced heuristic mechanisms that can help detect unknown threats.


Architecture

Maltrail is based on the Traffic -> Sensor <-> Server <-> Client architecture. The Sensor(s) is a standalone component that runs on the monitoring node (e.g. a Linux platform passively connected to a SPAN/mirroring port, or transparently inline on a Linux bridge) or on a standalone machine (e.g. a honeypot), where it "monitors" the passing traffic for blacklisted items/trails (e.g. domain names, URLs and/or IPs).

In case of a positive match, it sends the details of the event to the (central) Server, where they are stored in the appropriate log directory (i.e. LOG_DIR, described in the Configuration section).

If the Sensor is running on the same machine as the Server (the default configuration), the logs are stored directly in the local log directory. Otherwise, they are sent via UDP messages to the remote Server (i.e. LOG_SERVER, described in the Configuration section).


The primary role of the server is to store event details and provide support for the web reporting application. In the default configuration, the server and sensor will work on the same computer.

Thus, to avoid potential disruptions of the Sensor's activity, the front-end reporting part is based on the "fat client" architecture (i.e. all post-processing of the data is done inside the client's web browser).

The events (i.e. log entries) for the chosen period (24 hours) are transferred to the Client, where the reporting web application is solely responsible for the presentation part. The data is sent to the Client in compressed chunks, which are processed sequentially. The final report is created in a condensed form, which effectively allows an almost unlimited number of events to be presented.
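To make the Sensor's trail matching concrete, here is an added example (not Maltrail's own code) of a minimal matcher in the same spirit: a trail may be a domain name, a CIDR range, a URL or a User-Agent value, and a hit produces an event record of the kind the Sensor forwards to the Server. All trails, hosts and addresses below are constructed sample values, not real indicators.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed blacklist: trail -> (info, reference). Hypothetical sample values.
TRAILS = {
    "bad-c2.example": ("malware c2", "sample-list"),
    "198.51.100.0/24": ("sinkhole range", "sample-list"),
    "http://dl.example.net/x/payload.bin": ("malware download", "sample-list"),
    "EvilBot/1.0": ("suspicious user-agent", "sample-list"),
}

def match_domain(host):
    # Walk parent domains so that sub.bad-c2.example hits the trail bad-c2.example.
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in TRAILS:
            return candidate
    return None

def match_ip(ip):
    # Compare the address against every CIDR/IP trail; skip non-IP trails.
    addr = ipaddress.ip_address(ip)
    for trail in TRAILS:
        try:
            if addr in ipaddress.ip_network(trail, strict=False):
                return trail
        except ValueError:
            continue
    return None

def check(event):
    """event: dict with src_ip, dst_ip, proto and optionally dns/url/user_agent.
    Returns (src_ip, dst_ip, proto, trail, info, reference) on a hit, else None."""
    hit = None
    if "dns" in event:
        hit = match_domain(event["dns"])
    if hit is None and "url" in event:
        url = event["url"]
        hit = url if url in TRAILS else match_domain(urlparse(url).hostname or "")
    if hit is None and "user_agent" in event:
        hit = next((t for t in TRAILS if t in event["user_agent"]), None)
    if hit is None:
        hit = match_ip(event["dst_ip"])
    if hit is None:
        return None
    info, reference = TRAILS[hit]
    return (event["src_ip"], event["dst_ip"], event["proto"], hit, info, reference)
```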

Installation

sudo apt-get install python python-pcapy git
git clone https://github.com/stamparm/maltrail.git


You will find information on using the program here.

maltrail: Detects malicious network traffic was last modified: 15 June 2020, 2:34 pm by Anastasis Vasileiadis
