Uploaded by Patrick Com

Maltrail Intrusion Detection Guide

INTRUSION DETECTION SYSTEM
BY USING MALTRAIL TOOL
• MALTRAIL is an open-source network traffic monitoring tool designed to detect
malicious activity on a network.
HOW DOES MALTRAIL TOOL WORK
• It works by analyzing network traffic, identifying suspicious traffic
patterns and detecting known malicious IP addresses and domains. It is
often used in intrusion detection systems (IDS) or for network traffic
analysis.
KEY FEATURES OF MALTRAIL
I. Malicious IP detection
II. Traffic analysis: It monitors and logs network traffic, focusing on
patterns that could indicate malicious behavior such as port scanning,
suspicious HTTP requests and DNS anomalies.
III. Real-time alerts: The tool provides real-time alerts and notifications
when suspicious or known-malicious traffic is detected, which
allows security
IV. Logging and reporting: Maltrail logs all network traffic it monitors
and provides
STEPS INVOLVED IN INTERACTING WITH
MALTRAIL WEB INTERFACES
1. Download Maltrail from GitHub
From the Kali Linux terminal, run:
$ cd Downloads
Move the folder to /opt/maltrail:
$ sudo mv ~/Downloads/maltrail-master /opt/maltrail
Move maltrail-master.zip to the /opt/ directory:
$ cd /opt
$ ls
$ sudo unzip maltrail-master.zip
Then make a directory called maltrail:
$ sudo mkdir maltrail
2. Set the correct permissions on the maltrail folder
3. CREATE VIRTUAL ENVIRONMENT
A virtual environment is an isolated space where you can install Python packages and dependencies for a specific project.
It ensures that your project’s dependencies don’t interfere with other projects or the global Python installation.
How Does It Work?
Creation
Activation
Deactivation
4. INSTALL DEPENDENCIES: in order to install the dependencies, change the ownership and permissions of the folder. The
command to change ownership is:
$ chown -R username:username /opt/maltrail/venv
5. SET UP DATA DIRECTORY: A data directory is a structured folder system where you store and organize all
the data files for your project. It helps keep your data clean, accessible, and easy to manage.
Why Set Up a Data Directory?
Organization: Keeps your data files neatly categorized.
Reproducibility: Makes it easy for others (or future you) to understand and use the data.
Efficiency: Saves time by avoiding clutter and confusion.
Scalability: Prepares your project for growth as more data is added.
6. START MALTRAIL
Start sensor.py:
$ sudo python3 /opt/maltrail/sensor.py
Alternatively, from inside /opt/maltrail:
$ sudo python3 sensor.py
Start server.py:
$ sudo python3 /opt/maltrail/server.py
Open a web browser and find the IP address of the Kali machine, for example 192.168.1.1, then visit:
http://localhost:8338
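The six install steps above collected into one script, added here as an example (it is not from the guide or from the Maltrail project). It keeps the guide's paths (/opt/maltrail, ~/Downloads/maltrail-master.zip); the data directory location, the environment-variable names and the use of a requirements.txt in the archive are assumptions. It only defines functions unless MALTRAIL_INSTALL=1 is set, so the layout check can be run on its own.

```shell
#!/usr/bin/env bash
# Added example, not part of the guide: steps 1-6 as one script with checks.
# Paths follow the guide; DATA_DIR and the variable names are assumptions.
set -eu

MALTRAIL_ROOT="${MALTRAIL_ROOT:-/opt/maltrail}"
ZIP_PATH="${ZIP_PATH:-${HOME:-/root}/Downloads/maltrail-master.zip}"
DATA_DIR="${DATA_DIR:-/var/log/maltrail}"    # assumed location for step 5
RUN_AS="${RUN_AS:-${SUDO_USER:-$(id -un)}}"  # owner used in steps 2 and 4

# Step 1: unzip the GitHub archive and place its contents in MALTRAIL_ROOT
unpack_maltrail() {
  sudo mkdir -p "$MALTRAIL_ROOT"
  work=$(mktemp -d)
  unzip -q "$ZIP_PATH" -d "$work"              # yields $work/maltrail-master
  sudo cp -a "$work/maltrail-master/." "$MALTRAIL_ROOT/"
  rm -rf "$work"
}

# Steps 2 and 4: a single owner for the tree and no world-writable files
set_ownership() {
  sudo chown -R "$RUN_AS:$RUN_AS" "$MALTRAIL_ROOT"
  sudo chmod -R o-w "$MALTRAIL_ROOT"
}

# Steps 3 and 4: isolated interpreter plus the sensor's dependencies
make_venv() {
  python3 -m venv "$MALTRAIL_ROOT/venv"
  "$MALTRAIL_ROOT/venv/bin/pip" install -q --upgrade pip
  if [ -f "$MALTRAIL_ROOT/requirements.txt" ]; then   # assumed to exist
    "$MALTRAIL_ROOT/venv/bin/pip" install -q -r "$MALTRAIL_ROOT/requirements.txt"
  fi
}

# Step 5: a data directory the sensor can write to
make_data_dir() { sudo mkdir -p "$DATA_DIR"; sudo chown "$RUN_AS:$RUN_AS" "$DATA_DIR"; }

# Pre-flight for step 6: both scripts and the venv interpreter must exist.
# Returns 0 when the tree is complete, 1 (with a message on stderr) otherwise.
check_layout() {
  root="$1"
  for f in sensor.py server.py; do
    [ -f "$root/$f" ] || { echo "missing $root/$f" >&2; return 1; }
  done
  [ -x "$root/venv/bin/python3" ] || { echo "no venv in $root" >&2; return 1; }
  return 0
}

if [ "${MALTRAIL_INSTALL:-0}" = "1" ]; then
  unpack_maltrail; set_ownership; make_venv; make_data_dir
  check_layout "$MALTRAIL_ROOT" && echo "ready: sudo $MALTRAIL_ROOT/venv/bin/python3 $MALTRAIL_ROOT/sensor.py"
fi
```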
STEPS USED TO DETECT MALICIOUS ACTIVITIES IN MALTRAIL
1. Open two terminals in Debian or Ubuntu and scan the Kali machine using the Network Mapper tool
(nmap).
Example: the IP of the Kali machine is 192.168.100.106
$ nmap -n --script=vuln 192.168.100.106
In terminal two:
$ nmap -n -sS -sU -A 192.168.100.106
2. Then refresh the Maltrail web interface page; you will see an output like the one
below.