Detect attacks on your network with Maltrail - Sentry
Linux Magazine|#258/May 2022: Clean IT
Maltrail is a lightweight analysis tool that examines network traffic and raises the alarm if it detects suspicious access or dubious name resolution.
Markus Stubbig
Detect attacks on your network with Maltrail - Sentry
Hundreds of security products vie for the favor of users on the Internet, promising the highest levels of protection. Along with the numerous commercial offerings available for a monthly rate are some free open-source products that aim to expand the basic protection that might already be in place.

Maltrail [1] is an open source tool that lays in wait on the network and sounds the alarm if a package appears suspicious. It reports its findings but does not intervene. The way Maltrail works is somewhere between an intrusion detection system and a malware scanner. Maltrail uses public blacklists to examine the packages. In Maltrail jargon, the description of a suspicious IP address, web URL, or domain is known as a trail. Feeds are lists of known trails that the Maltrail community keeps up to date.

Structure

Maltrail consists of two components. The sensor component sniffs the packets, and the server component collects the alarms from the sensor. In a perfect setup, the sensor component resides on a router or firewall, because these devices get to see the data streams of all network participants. In Figure 1, the sensor resides on a firewall and therefore has access to all the packets passing through. The position of the server does not matter much as long as the sensor and the admin can access it.

Installation

The Maltrail program code is written entirely in Python. Maltrail is not picky about the Python version. Basically, all interpreters with a version number of 2.6 or newer will work, and this means that even older Linux servers can be used as sensors. The sensor also needs the Python pcapy package to intercept the IP packets from the network adapter. The software itself is available from Github under a free license.

This story is from the #258/May 2022: Clean IT edition of Linux Magazine.

Start your 7-day Magzter GOLD free trial to access thousands of curated premium stories, and 8,500+ magazines and newspapers.

This story is from the #258/May 2022: Clean IT edition of Linux Magazine.

Start your 7-day Magzter GOLD free trial to access thousands of curated premium stories, and 8,500+ magazines and newspapers.

MORE STORIES FROM LINUX MAGAZINEView All
URL filtering with Pi-hole Into the Funnel
Linux Magazine

URL filtering with Pi-hole Into the Funnel

Supporting browser plug-ins, network-based DNS blockers like Pi-hole help protect you against online tracking and unwanted content.

time-read
10+ mins  |
#274/August 2023: The Best of Small Distros
Artificial intelligence on the Raspberry Pi Learning Experience
Linux Magazine

Artificial intelligence on the Raspberry Pi Learning Experience

You don't need a powerful computer system to use Al. We show what it takes to benefit from Al on the Raspberry Pi and what tasks the small computer can handle.

time-read
7 mins  |
#274/August 2023: The Best of Small Distros
MakerSpace Manage your greenhouse with a Raspberry Pi Pico W Sheltered Growth
Linux Magazine

MakerSpace Manage your greenhouse with a Raspberry Pi Pico W Sheltered Growth

You can safely assign some greenhouse tasks to a Raspberry Pi Pico W, such as controlling ventilation, automating a heater, and opening and closing windows.

time-read
7 mins  |
#274/August 2023: The Best of Small Distros
Control Center
Linux Magazine

Control Center

Tipi gives you complete control of more than 100 applications and services. A mouse click is all it takes to install the apps.

time-read
6 mins  |
#274/August 2023: The Best of Small Distros
In One Fell Swoop
Linux Magazine

In One Fell Swoop

Topgrade detects all the package managers installed on a system and executes them one by one at the command line.

time-read
3 mins  |
#274/August 2023: The Best of Small Distros
Go Faster!
Linux Magazine

Go Faster!

The fastest way through a curve on a racetrack is along the racing line. Instead of heading for Indianapolis, Mike Schilli trains his reflexes with a desktop application written in Go, just to be on the safe side.

time-read
9 mins  |
#274/August 2023: The Best of Small Distros
Math Magic
Linux Magazine

Math Magic

MathLex lets you easily transform handwritten math formulas to digital format and use them on the web.

time-read
5 mins  |
#274/August 2023: The Best of Small Distros
Custom Repair Toolkit
Linux Magazine

Custom Repair Toolkit

You can do more with System Rescue than just repair broken systems. By adding tools and scripts, you can create a custom rescue environment that meets your needs.

time-read
8 mins  |
#274/August 2023: The Best of Small Distros
At Your Disposal
Linux Magazine

At Your Disposal

Debvm lets you quickly create a temporary virtual machine with a small memory footprint, ideal for testing scripts or mixing repositories

time-read
4 mins  |
#274/August 2023: The Best of Small Distros
A Fresh Breeze
Linux Magazine

A Fresh Breeze

Vanilla OS, an immutable filesystem, seamlessly integrates applications from other distributions with an innovative container-based package manager.

time-read
5 mins  |
#274/August 2023: The Best of Small Distros