Security features in Stealthwatch: the ETA (Encrypted Traffic Analytics) result shows the cipher suite and key length, plus the flow size (e.g. 41 MB).
Directions to consider later; detections that Stealthwatch includes:
ad injector
click fraud
cryptocurrency miner
exploit kit
malicious advertising
malicious content distribution
money scam
PUA (potentially unwanted application)
scareware
spam botnet
spam tracking
CryptoWall
Ramnit
Sality
SMB service discovery: apparently just checks whether port 445 is open
DNS sinkhole
ICMP burst
unexpected DNS usage
SSH cracking
torrent
excessive communication
vulnerability scanning tool
phishing
TOR
----
Note: C&C / TOR / Bogon / Fake App (these require a flow sensor/probe).
Cryptocurrency miner detection: it checks whether the inside-to-outside traffic volume is large, so detection appears to rely on the traffic characteristics of mining. This needs manual configuration and is rather crude.
DDoS Source: Indicates that a host has been identified as the source of a DDoS attack. (So both the DDoS source and the DDoS target are detected.)
DDoS Target: Indicates that a host has been identified as the target of a DDoS attack.
Data Hoarding: Indicates that a source or target host within a network has downloaded an unusual amount of data from one or more hosts.
Exfiltration: Tracks inside and outside hosts to which an abnormal amount of data has been transferred. (Abnormal traffic volume between inside and outside hosts.)
Stealthwatch's detection data sources include flow data, web logs, ...
Behaviour Analysis
Suspect Long Flow: An IP communication between an Inside and Outside host (with traffic in both directions) that exceeds the “Seconds required to qualify a flow as long” duration.
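The alarm definitions above (Suspect Long Flow, Data Hoarding, Exfiltration, the port-445 note under SMB service discovery, and the volume-based miner detection) are all simple rules over flow records. To make the logic concrete, here is an added example that re-implements those rules over a handful of constructed NetFlow-style records. This is illustration code, not Cisco's or the page author's code: the inside address ranges, the thresholds (`LONG_FLOW_SECONDS`, `EXFIL_BYTES`, `HOARD_BYTES`, `SMB_SCAN_HOSTS`), the `Flow` record layout and every sample flow are assumptions chosen for the demo, whereas in Stealthwatch they are host-group and policy settings.

```python
"""Toy flow-based behaviour detection modelled on the Stealthwatch alarm
definitions quoted above. Added example; all records and thresholds are
constructed for illustration, not taken from a real deployment."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed "inside" host groups (in Stealthwatch this is host-group config).
INSIDE = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]

# Assumed thresholds; Stealthwatch exposes these as policy settings.
LONG_FLOW_SECONDS = 9 * 3600        # "Seconds required to qualify a flow as long"
EXFIL_BYTES = 500 * 1024 * 1024     # abnormal inside -> outside volume
HOARD_BYTES = 1 * 1024 ** 3         # unusual amount downloaded by one host
SMB_SCAN_HOSTS = 10                 # distinct hosts probed on TCP/445


@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    duration_s: int   # how long the flow lasted
    bytes_out: int    # bytes src -> dst
    bytes_in: int     # bytes dst -> src


def is_inside(ip: str) -> bool:
    a = ip_address(ip)
    return any(a in n for n in INSIDE)


def suspect_long_flows(flows):
    """Inside<->outside flows with traffic in BOTH directions that run longer
    than LONG_FLOW_SECONDS. One-way flows are ignored, as in the definition."""
    return [f for f in flows
            if is_inside(f.src) != is_inside(f.dst)
            and f.bytes_out > 0 and f.bytes_in > 0
            and f.duration_s > LONG_FLOW_SECONDS]


def exfiltration(flows):
    """Inside hosts that sent an abnormal volume to outside hosts, summed
    over all of their flows regardless of who opened the connection."""
    sent = defaultdict(int)
    for f in flows:
        if is_inside(f.src) and not is_inside(f.dst):
            sent[f.src] += f.bytes_out
        elif is_inside(f.dst) and not is_inside(f.src):
            sent[f.dst] += f.bytes_in      # inside host is the responder
    return {h: b for h, b in sent.items() if b > EXFIL_BYTES}


def data_hoarding(flows):
    """Hosts that downloaded an unusual amount of data from one or more hosts."""
    received = defaultdict(int)
    for f in flows:
        received[f.src] += f.bytes_in      # data the initiator pulled down
        received[f.dst] += f.bytes_out     # data the responder received
    return {h: b for h, b in received.items() if b > HOARD_BYTES}


def smb_service_discovery(flows):
    """Sources that touched TCP/445 on many distinct hosts: the page's note
    says the product simply looks at whether 445 is open on the targets."""
    targets = defaultdict(set)
    for f in flows:
        if f.dport == 445:
            targets[f.src].add(f.dst)
    return {s: len(t) for s, t in targets.items() if len(t) >= SMB_SCAN_HOSTS}


# Constructed sample flows (addresses from documentation ranges).
SAMPLE_FLOWS = [
    # 12 h bidirectional inside->outside session: Suspect Long Flow
    Flow("10.1.2.3", "203.0.113.7", 443, 12 * 3600, 4_000_000, 3_500_000),
    # just as long but one-directional (e.g. a stream): not counted
    Flow("10.1.2.4", "198.51.100.9", 443, 12 * 3600, 0, 9_000_000),
    # 700 MiB pushed out over SSH in 10 minutes: Exfiltration
    Flow("10.1.2.5", "203.0.113.8", 22, 600, 700 * 1024 * 1024, 20_000),
    # 2 GiB pulled from an internal file server: Data Hoarding
    Flow("10.1.2.6", "10.5.5.5", 445, 900, 50_000, 2 * 1024 ** 3),
] + [  # one host sweeping TCP/445 across a /24: SMB service discovery
    Flow("10.1.2.9", f"10.2.0.{i}", 445, 1, 120, 0) for i in range(1, 16)
]

if __name__ == "__main__":
    print("suspect long flows:", [f.src for f in suspect_long_flows(SAMPLE_FLOWS)])
    print("exfiltration:", exfiltration(SAMPLE_FLOWS))
    print("data hoarding:", data_hoarding(SAMPLE_FLOWS))
    print("smb discovery:", smb_service_discovery(SAMPLE_FLOWS))
```

The point the rules make visible is that each alarm is a threshold on a single aggregate (duration, bytes in one direction, distinct destinations on one port), which is why the page calls the miner detection crude: a long, high-volume flow to a legitimate cloud backup and one to a mining pool look the same until the thresholds are tuned per host group.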