Detect attacks on your network with Maltrail - Sentry
Linux Magazine|#258/May 2022: Clean IT
Maltrail is a lightweight analysis tool that examines network traffic and raises the alarm if it detects suspicious access or dubious name resolution.
- Markus Stubbig
Detect attacks on your network with Maltrail - Sentry
Hundreds of security products vie for the favor of users on the Internet, promising the highest levels of protection. Along with the numerous commercial offerings available for a monthly rate are some free open-source products that aim to expand the basic protection that might already be in place.

Maltrail [1] is an open source tool that lays in wait on the network and sounds the alarm if a package appears suspicious. It reports its findings but does not intervene. The way Maltrail works is somewhere between an intrusion detection system and a malware scanner. Maltrail uses public blacklists to examine the packages. In Maltrail jargon, the description of a suspicious IP address, web URL, or domain is known as a trail. Feeds are lists of known trails that the Maltrail community keeps up to date.

Structure

Maltrail consists of two components. The sensor component sniffs the packets, and the server component collects the alarms from the sensor. In a perfect setup, the sensor component resides on a router or firewall, because these devices get to see the data streams of all network participants. In Figure 1, the sensor resides on a firewall and therefore has access to all the packets passing through. The position of the server does not matter much as long as the sensor and the admin can access it.

Installation

The Maltrail program code is written entirely in Python. Maltrail is not picky about the Python version. Basically, all interpreters with a version number of 2.6 or newer will work, and this means that even older Linux servers can be used as sensors. The sensor also needs the Python pcapy package to intercept the IP packets from the network adapter. The software itself is available from Github under a free license.

この蚘事は Linux Magazine の #258/May 2022: Clean IT 版に掲茉されおいたす。

7 日間の Magzter GOLD 無料トラむアルを開始しお、䜕千もの厳遞されたプレミアム ストヌリヌ、9,000 以䞊の雑誌や新聞にアクセスしおください。

この蚘事は Linux Magazine の #258/May 2022: Clean IT 版に掲茉されおいたす。

7 日間の Magzter GOLD 無料トラむアルを開始しお、䜕千もの厳遞されたプレミアム ストヌリヌ、9,000 以䞊の雑誌や新聞にアクセスしおください。

LINUX MAGAZINEのその他の蚘事すべお衚瀺
MADDOG'S DOGHOUSE
Linux Magazine

MADDOG'S DOGHOUSE

The stakeholder approach of open source broadens the pool of who can access, influence, and benefit from information technologies.

time-read
3 分  |
#289/December 2024: Coding with AI
MakerSpace
Linux Magazine

MakerSpace

Rust, a potential successor to C/C++, claims to solve some memory safety issues while maintaining high performance. We look at Rust on embedded systems, where memory safety, concurrency, and security are equally important

time-read
10+ 分  |
#289/December 2024: Coding with AI
In Harmony
Linux Magazine

In Harmony

Using the Go Interface mechanism, Mike demonstrates its practical application with a refresh program for local copies of Git repositories.

time-read
9 分  |
#289/December 2024: Coding with AI
Monkey Business
Linux Magazine

Monkey Business

Even small changes in a web page can improve the browsing experience. Your preferred web browser provides all the tools you need to inject JavaScript to adapt the page. You just need a browser with its debugging tools, some knowledge of scripting, and the browser extension Tampermonkey.

time-read
10+ 分  |
#289/December 2024: Coding with AI
Smarter Navigation
Linux Magazine

Smarter Navigation

Zoxide, a modern version of cd, lets you navigate long directory paths with less typing.

time-read
4 分  |
#289/December 2024: Coding with AI
Through the Back Door
Linux Magazine

Through the Back Door

Cybercriminals are increasingly discovering Linux and adapting malware previously designed for Windows systems. We take you inside the Linux version of a famous Windows ransomware tool.

time-read
9 分  |
#289/December 2024: Coding with AI
Page Pulse
Linux Magazine

Page Pulse

Do you want to be alerted when a product is back in stock on your favorite online store? Do you want to know when a website without an RSS feed gets an update? With changedetection.io, you can stay up-to-date on website changes.

time-read
8 分  |
#289/December 2024: Coding with AI
Arco Linux
Linux Magazine

Arco Linux

ArcoLinux, an Arch derivative, offers easier installs while educating users about Arch Linux along the way.

time-read
5 分  |
#289/December 2024: Coding with AI
Ghost Coder
Linux Magazine

Ghost Coder

Artificial intelligence is increasingly supporting programmers in their daily work. How effective are these tools? What are the dangers? And how can you benefit from Al-assisted development today?

time-read
10+ 分  |
#289/December 2024: Coding with AI
Zack's Kernel News
Linux Magazine

Zack's Kernel News

Chronicler Zack Brown reports on the latest news, views, dilemmas, and developments within the Linux kernel community.

time-read
9 分  |
#289/December 2024: Coding with AI