Cybersecurity

How Attackers and Victims Detection works in ntopng

Posted June 7, 2021 · Add Comment

In recent ntopng versions, alerts have been significantly enriched with metadata useful to understand network and security issues. In this post, we focus on the “Attacker” and “Victim” metadata, used to enrich flow alerts and label hosts. Specifically, the client … Continue reading →

How to Spot Unsafe Communications using nDPI Flow Risk Score

Posted May 18, 2021 · Add Comment

nDPI it is much more than a DPI library used to detect the application protocol. In the past year, nDPI has grown in terms of cybersecurity features used to detect threats and network issues leveraging on the concept of flow … Continue reading →

On Network Visibility and Cybersecurity

Posted May 11, 2021 · Add Comment

Today we had the change to talk about network visibility and cybersecurity during an event organised by the Milan Internet Exchange MIX-IT. In this talk we have presented the current state of development in this area at ntop and provided … Continue reading →

Combining nDPI and Wireshark for Cybersecurity Traffic Analysis

Posted April 26, 2021 · Add Comment

At the upcoming Sharkfest Europe 2021 we’ll talk about using Wireshark in cybersecurity. Part of the talk will focus on nDPI and Wireshark integration. Since the last release nDPI features flow risk analysis, that is basically a numerical indication of … Continue reading →

Join FOSDEM 2021 ntop sessions, Sat-Sun Feb 6-7th (online)

Posted February 3, 2021 · Add Comment

We are proud to announce that a couple of talks have been accepted at FOSDEM 2021, one of the most important FOSS conferences in the world that this yar will take place online due to the pandemic. In the Network … Continue reading →

Security-Centric Traffic Analysis

Posted October 23, 2020 · Add Comment

Days ago we have given a short speak about cybersecurity at an Italian meetup. These are the presentation slides (English) where you can read more about the steps we have taken to make our tools more cybersecurity-oriented. Below you can … Continue reading →

How Attack Mitigation Works (via SNMP)

Posted August 26, 2020 · Add Comment

One of the greatest strengths of ntopng is its ability to correlate data originating at different layers and at multiple sources together. For example, ntopng can look at IP packets, Ethernet frames and, at the same time, poll SNMP devices. … Continue reading →

How to Detect Domain Hiding (a.k.a. as Domain Fronting)

Posted August 19, 2020 · Add Comment

Domain fronting is a technique that was used in 2010s by mobile apps to attempt to bypass censorship. The technique relies on a “front” legitimate domain that basically acts as a pivot for the forbidden domain. In essence an attacker … Continue reading →

Mice and Elephants: HowTo Detect and Monitor Periodic Traffic

Posted August 4, 2020 · Add Comment

Most people are used to top X: top senders, top receivers, top protocols. So in essence they are looking for elephants. While this is a good practice, mice are also very interesting as they can often be hidden in the … Continue reading →

Browse By Date
Browse By Date
Browse By Categories
- Announce (48)
- cento (7)
- Components (1)
- Cybersecurity (9)
- Features (2)
- Guides (11)
- libebpfflow (1)
- n2disk (20)
- n2n (7)
- nbox (7)
- nDPI (46)
- nEdge (6)
- News (12)
- nProbe (89)
- nScrub (3)
- ntop (92)
- ntopng (124)
- PF_RING (88)
- snort (3)
- TNAPI (11)
- tutorials (15)
- vPF_RING (3)
- ZC (30)

How Attackers and Victims Detection works in ntopng

How to Spot Unsafe Communications using nDPI Flow Risk Score

On Network Visibility and Cybersecurity

Combining nDPI and Wireshark for Cybersecurity Traffic Analysis

Join FOSDEM 2021 ntop sessions, Sat-Sun Feb 6-7th (online)

Security-Centric Traffic Analysis

How Attack Mitigation Works (via SNMP)

How to Detect Domain Hiding (a.k.a. as Domain Fronting)

Mice and Elephants: HowTo Detect and Monitor Periodic Traffic

Browse By Date

Browse By Categories

Latest Posts

Upcoming Events