This is to introduce nDPI 4.4 that includes the development activities of the last six months. As with previous releases we are improving protocol support, automatic testing to harden the code for critical environments, and introducing new cybersecurity features for detecting risks and extracting metadata from protocols. Our idea is to make nDPI more user […]
How ntopng monitors IEC 60870-5-104 traffic
Busy times for OT analysts. Last month the number of known OT (operational technology) malware increased from five to seven. First malware discovered is Industroyer2 which was caught in the Ukraine. As nowadays popular, security companies name the malware they discover. That is why for the second malware two names were assigned, Incontroller or Pipedream. […]
Incident Analysis: How to Correlate Alerts with Flows and Packets
In incident analysis it is important to provide evidence of the problem at various level of details: Alerts Alerts are the result of traffic analysis (in ntopng based on checks) that have detected specific indicators in traffic that triggered the alert. For instance a host whose behavioural score has exceeded a given threshold or a […]
Short ntop Roadmap for 2022
Those who attended our latest 2021 webinar, had a feeling of what are ntop plans for this year. In summary we keep focusing on cybersecurity and visibility, planning to further enhance our existing tools as follows: nDPI: we plan to improve detection new threats and make it more configurable by end users. The idea is […]
ntop tools and Log4J Vulnerability
Recently we have received many inquiries about ntop tools being immune to the Log4J vulnerability. As you know at ntop we take code security seriously, hence we confirm that: In ntop we do not use Java or Log4J. ntop tools are immune to the above vulnerability hence there is no action or upgrade required. Enjoy […]
nDPI-based Traffic Enforcement on OPNsense/pfSense/Linux using nProbe
nProbe IPS is an inline application able to both export traffic statistics to NetFlow/IPFIX collectors as well to ntopng, and enforce network traffic using nDPI, ntop’s Deep Packet Inspection framework. This blog post shows you how you can use a new graphical configuration tool we have developed to ease the configuration of IPS rules on […]
How Attackers and Victims Detection works in ntopng
In recent ntopng versions, alerts have been significantly enriched with metadata useful to understand network and security issues. In this post, we focus on the “Attacker” and “Victim” metadata, used to enrich flow alerts and label hosts. Specifically, the client or the server of a flow is labelled as “Attacker” when it is, with high […]
How to Spot Unsafe Communications using nDPI Flow Risk Score
nDPI it is much more than a DPI library used to detect the application protocol. In the past year, nDPI has grown in terms of cybersecurity features used to detect threats and network issues leveraging on the concept of flow risk. Each nDPI-analysed flow has associated a numerical flow risk that in essence is a […]
On Network Visibility and Cybersecurity
Today we had the change to talk about network visibility and cybersecurity during an event organised by the Milan Internet Exchange MIX-IT. In this talk we have presented the current state of development in this area at ntop and provided an outlook of some of the features that we’re developing and that will be released […]
Combining nDPI and Wireshark for Cybersecurity Traffic Analysis
At the upcoming Sharkfest Europe 2021 we’ll talk about using Wireshark in cybersecurity. Part of the talk will focus on nDPI and Wireshark integration. Since the last release nDPI features flow risk analysis, that is basically a numerical indication of potential risks associated with a network communication ranging from ‘TLS Certificate Expired’ to more complicated […]