nDPI 4.6 arrives with support for new protocols, services and more

nDPI

nDPI® is an open source, LGPLv3-licensed library for deep packet inspection. It is based on OpenDPI and adds a number of extensions on top of it.

The release of nDPI 4.6 has been announced. It brings several improvements, support for more protocols, and greater robustness thanks to the code hardening introduced in this version. Metadata extraction has been improved for several protocols, as has DGA detection for host names, among other changes.

nDPI is best known as the engine that both ntop and nProbe use to detect application-layer protocols regardless of the port in use. This makes it possible to identify known protocols running on non-standard ports.

The project lets you determine the application-level protocols present in traffic by analysing the nature of the network activity rather than relying on port numbers. It can recognise known protocols whose servers accept connections on non-standard ports (for example, HTTP that is not served on port 80) and, conversely, traffic that tries to disguise other network activity as HTTP running on port 80.

Main features of nDPI 4.6

nDPI 4.6 adds the ability to define custom protocols using nBPF filters (for example: nbpf:"host 192.168.1.1 and port 80"@HomeRouter).

Dissector performance was also significantly improved, as was the detection of WebShell and PHP code in HTTP URLs and the detection of DGA (Domain Generation Algorithm) host names.
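The DGA detection mentioned above works on the host name itself, before any DNS answer or connection is seen: algorithmically generated names tend to have high character entropy, few vowels, long consonant runs and many digits. The following Python snippet is an added example written for this page to illustrate that kind of lexical heuristic; it is not nDPI's own detector (nDPI's implementation is separate and more elaborate). The thresholds, the scoring scheme and the short public-suffix list are assumptions chosen for illustration, and the sample host names are constructed.

```python
import math
from collections import Counter

# Constructed, deliberately short public-suffix list used only to find the
# registrable label. A real deployment would use the full Public Suffix List.
SUFFIXES = ("co.uk", "com", "net", "org", "info", "biz", "ru", "cn", "io")

VOWELS = set("aeiou")


def registrable_label(hostname: str) -> str:
    """Return the label just left of the public suffix, e.g. 'example' for
    'www.example.co.uk'. Falls back to the second-to-last label."""
    labels = hostname.lower().rstrip(".").split(".")
    for suffix in sorted(SUFFIXES, key=len, reverse=True):
        parts = suffix.split(".")
        if len(labels) > len(parts) and labels[-len(parts):] == parts:
            return labels[-len(parts) - 1]
    return labels[-2] if len(labels) >= 2 else labels[0]


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of the label."""
    n = len(s)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def max_consonant_run(s: str) -> int:
    """Length of the longest run of consecutive consonant letters."""
    run = best = 0
    for ch in s:
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def dga_score(hostname: str) -> int:
    """Heuristic score from 0 to 4; higher means more DGA-like.
    Each indicator contributes one point (thresholds are assumptions)."""
    label = registrable_label(hostname)
    letters = [c for c in label if c.isalpha()]
    score = 0
    # 1. Long label with high entropy (random-looking character mix).
    if len(label) >= 10 and shannon_entropy(label) > 3.3:
        score += 1
    # 2. Very few vowels among the letters (unpronounceable).
    if letters and sum(c in VOWELS for c in letters) / len(letters) < 0.25:
        score += 1
    # 3. Long consonant run, rare in natural-language names.
    if max_consonant_run(label) >= 5:
        score += 1
    # 4. High share of digits.
    if label and sum(c.isdigit() for c in label) / len(label) > 0.3:
        score += 1
    return score


def is_dga(hostname: str, threshold: int = 2) -> bool:
    """Flag a host name when at least `threshold` indicators fire."""
    return dga_score(hostname) >= threshold


def classify(hostnames):
    """Return (hostname, score, flagged) for each name, for batch review."""
    return [(h, dga_score(h), is_dga(h)) for h in hostnames]


if __name__ == "__main__":
    # Constructed sample host names: two benign-looking, two DGA-looking.
    samples = [
        "www.google.com",
        "mail.example.co.uk",
        "xkq7zp3vmlqrt.net",
        "a1b2c3d4e5f6.org",
    ]
    for host, score, flagged in classify(samples):
        print(f"{host:24} score={score} dga={flagged}")
```

Because the decision is purely lexical, it will misfire on legitimate machine-generated names such as CDN or cloud hostnames; in practice a score like this is best treated as a flow risk to be correlated with other signals (DNS NXDOMAIN rate, TLS certificate validity) rather than as a block decision on its own.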

Flow risk detection has been extended with new risk types: NDPI_HTTP_OBSOLETE_SERVER (detects outdated Apache and nginx versions), NDPI_PERIODIC_FLOW, NDPI_MINOR_ISSUES and NDPI_TCP_ISSUES.

Another novelty in this release is the addition of fuzz tests, together with a check for AES-NI instruction optimisations and improvements to JSON serialization.

Also highlighted: statistics were added for the Patricia tree, Aho-Corasick and LRU caches; the LRU caches gained configurable logical aging; RTP stream metadata can now be dumped; and the ndpiReader utility now supports the Linux Cooked Capture v2 link type.

Protocol and service support was extended as follows:

  • Activision
  • AliCloud server access
  • AVAST
  • CryNetwork
  • AnyDesk
  • BitTorrent (confidence improvement, TCP detection)
  • DNS: added the ability to configure the DNS PTR records used for address resolution
  • DTLS (handling of certificate fragments)
  • Facebook VoIP calls
  • FastCGI (PARAMS dissection)
  • FortiClient (updated default ports)
  • Discord
  • EDNS
  • Elasticsearch
  • FastCGI
  • Kismet
  • Line App and Line VoIP calls
  • Meraki Cloud
  • Munin
  • NATPMP
  • HTTP subclassification
  • Check for an empty or missing HTTP User-Agent
  • IRC (identity check)
  • Jabber / XMPP
  • Kerberos (support for Krb-Error messages)
  • LDAP
  • MGCP
  • MongoDB (avoid false positives)
  • Syncthing
  • TP-LINK Smart Home
  • Tuya LAN
  • SoftEtherVPN
  • Tailscale
  • TiVoConnect
  • SNMP
  • SMB (support for messages split across multiple TCP segments)
  • SMTP (support for the X-ANONYMOUSTLS command)
  • STUN
  • Skype (improved UDP detection, TCP detection removed)
  • TeamSpeak3 (License/Weblist detection)
  • Threema Messenger
  • Zoom
  • Added detection of Zoom screen sharing
  • Added detection of STUN peer-to-peer flows
  • Hangout/Duo VoIP call detection, with improved protocol tree visibility
  • HTTP
  • HTTP-Proxy and HTTP-Connect handling
  • Postgres
  • POP3
  • QUIC (support for 0-RTT packets received before the Initial)
  • Snapchat VoIP calls

Finally, if you want to know more about this new version, you can check the details at the following link.

How to install nDPI on Linux?

Those interested in installing this tool on their system can do so by following the instructions we share below.

To install the tool we need to download the source code and compile it, but first, Debian, Ubuntu and derivative users must install the following build dependencies:

sudo apt-get install build-essential git gettext flex bison libtool autoconf automake pkg-config libpcap-dev libjson-c-dev libnuma-dev libpcre2-dev libmaxminddb-dev librrd-dev

For Arch Linux users:

sudo pacman -S gcc git gettext flex bison libtool autoconf automake pkg-config libpcap json-c numactl pcre2 libmaxminddb rrdtool

Now, to compile, we need to fetch the source code, which you can obtain by typing:

git clone https://github.com/ntop/nDPI.git

cd nDPI

Then we build the tool by typing:

./autogen.sh
make

If you want to know more about how to use the tool, you can check the following link.
