Maltrail [1] is an open source tool that lays in wait on the network and sounds the alarm if a package appears suspicious. It reports its findings but does not intervene. The way Maltrail works is somewhere between an intrusion detection system and a malware scanner. Maltrail uses public blacklists to examine the packages. In Maltrail jargon, the description of a suspicious IP address, web URL, or domain is known as a trail. Feeds are lists of known trails that the Maltrail community keeps up to date.
Structure
Maltrail consists of two components. The sensor component sniffs the packets, and the server component collects the alarms from the sensor. In a perfect setup, the sensor component resides on a router or firewall, because these devices get to see the data streams of all network participants. In Figure 1, the sensor resides on a firewall and therefore has access to all the packets passing through. The position of the server does not matter much as long as the sensor and the admin can access it.
Installation
The Maltrail program code is written entirely in Python. Maltrail is not picky about the Python version. Basically, all interpreters with a version number of 2.6 or newer will work, and this means that even older Linux servers can be used as sensors. The sensor also needs the Python pcapy package to intercept the IP packets from the network adapter. The software itself is available from Github under a free license.
Esta historia es de la edición #258/May 2022: Clean IT de Linux Magazine.
Comience su prueba gratuita de Magzter GOLD de 7 días para acceder a miles de historias premium seleccionadas y a más de 9,000 revistas y periódicos.
Ya eres suscriptor ? Conectar
Esta historia es de la edición #258/May 2022: Clean IT de Linux Magazine.
Comience su prueba gratuita de Magzter GOLD de 7 días para acceder a miles de historias premium seleccionadas y a más de 9,000 revistas y periódicos.
Ya eres suscriptor? Conectar
Tracking your finances with plain text accounting Plain Numbers
If you're tired of tinkering with spreadsheets, using hledger and plain text accounting offers a simpler method for managing your finances without vendor lock-in
Dependency resolution with apt-get and apt Evolutionary Tale
Over the past 30 years, the apt family has played an important role in dependency resolution for Debian distros.
Cryptomining with Litecoin Traveling Lite
Although not as popular as headliners like Bitcoin and Ethereum, Litecoin is one of the oldest crytocurrencies, and it offers some useful features, such as dual-mining with Dogecoin.
Software Update SnoopGod
SnoopGod delivers an Ubuntu-based pentesting distribution with an emphasis on security education.
Kernel Trouble
This deep look at how intruders attack an out-of-date kernel should be enough to convince you of the need to stay vigilant.
Using Wake-on-LAN for a NAS backup Power Saver
Put your backup server to sleep when you don't need it and then wake it on demand using the Wake-on-LAN feature built into network adapters.
Time Travel
Mike Schilli uses a Go program to check whether a strategy for trading stocks is making gains or losses on the basis of historical price data.
URL filtering with Pi-hole Into the Funnel
Supporting browser plug-ins, network-based DNS blockers like Pi-hole help protect you against online tracking and unwanted content.
Artificial intelligence on the Raspberry Pi Learning Experience
You don't need a powerful computer system to use Al. We show what it takes to benefit from Al on the Raspberry Pi and what tasks the small computer can handle.
MakerSpace Manage your greenhouse with a Raspberry Pi Pico W Sheltered Growth
You can safely assign some greenhouse tasks to a Raspberry Pi Pico W, such as controlling ventilation, automating a heater, and opening and closing windows.
