
Lead Image © Andrea De Martin, 123RF.com
Identify malicious traffic with Maltrail
Tracker
As digitalization makes further headway into business processes, the vulnerability of IT infrastructures increases. Just one undetected vulnerability could open the door to potential attackers. Even if 100 percent protection remains an illusion, organizations need to be proactive in the face of an increasingly stressful security landscape. Maltrail is a free tool that can be a useful addition in your search for would-be attackers on your network.
Detection
Managing legacy intrusion detection and intrusion prevention systems involves a great deal of effort, partly because hybrid approaches consisting of intrusion detection (IDS), host-based intrusion detection (HIDS), and network-based intrusion detection (NIDS) systems are required. However, managing Maltrail is child's play.
To identify malicious traffic on your network, Maltrail uses publicly available lists that point out critical or suspicious traces. On the GitHub project site [1], the developers reveal the lists and malicious entities on which they draw. Maltrail pays particular attention to statistics, antivirus (AV) reports, domain names, and IP addresses. HTTP user agent header values – such as those generated by sqlmap [2], used for automatic SQL injection and database hijacking – are also considered. You can also opt to deploy heuristic mechanisms, which can be useful in detecting previously unknown threats. The various suspicious sources are jointly referred to as "trails."
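As an added illustration (not code from the article or from the Maltrail project), the following Python snippet shows the kind of trail lookup described above: parsed events are checked against constructed domain, IP-range, and user agent trails, with parent-domain matching so that a DNS query for a subdomain of a listed domain still produces a hit. The trail values, event layout, and function names are assumptions chosen for this example.

```python
import ipaddress

# Constructed trail lists, placeholders only (RFC 2606 / RFC 5737 reserved values):
# Maltrail's real trails come from the public feeds listed on the project site.
DOMAIN_TRAILS = {"bad.example": "constructed: C2 domain"}
IP_TRAILS = {ipaddress.ip_network("203.0.113.0/24"): "constructed: scanner range"}
UA_TRAILS = {"sqlmap": "sqlmap user agent (automated SQL injection tool)"}


def match_domain(name):
    """Hit if the name or any parent domain (but not the bare TLD) is a trail."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):          # c2.bad.example, then bad.example
        cand = ".".join(labels[i:])
        if cand in DOMAIN_TRAILS:
            return ("domain", cand, DOMAIN_TRAILS[cand])
    return None


def match_ip(addr):
    """Hit if the address falls inside a listed network (unparsable input: no hit)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    for net, why in IP_TRAILS.items():
        if ip in net:
            return ("ip", str(net), why)
    return None


def match_user_agent(ua):
    """Case-insensitive substring match, since tool user agents carry a version."""
    ua = ua.lower()
    return next((("ua", n, why) for n, why in UA_TRAILS.items() if n in ua), None)


def check_event(ev):
    """Return every (kind, trail, reason) hit for one parsed event (a dict)."""
    checks = [match_domain(ev.get("qname", "")), match_ip(ev.get("dst_ip", "")),
              match_user_agent(ev.get("user_agent", ""))]
    return [hit for hit in checks if hit]


# Constructed sample events, shaped like what a sensor parses from captured packets.
SAMPLE_EVENTS = [
    {"src_ip": "192.0.2.10", "qname": "c2.bad.example."},
    {"src_ip": "192.0.2.11", "dst_ip": "203.0.113.7", "user_agent": "sqlmap/1.7"},
    {"src_ip": "192.0.2.12", "dst_ip": "198.51.100.5", "user_agent": "Mozilla/5.0"},
]
```

Running `check_event` over each entry in `SAMPLE_EVENTS` flags the first two hosts (parent-domain and IP-range plus user agent hits) and leaves the third clean.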
Basic Structure
Maltrail's strengths lie in its ability to detect suspicious web access and name resolution events. The functionality is largely limited to analysis and report output. The environment features a sensor and a server component. The server