Maltrail – Malicious Traffic Detection System

Maltrail scans the traffic on your hosts and detects malicious traffic based on publicly available lists, AV lists, and user defined lists.

Source: Römer

The system is built from two components, a “Sensor” and a “Server”.

The “sensor” can be set up as:

  • a standalone server on the public network (“honeypot”)
  • a server passively connected to a mirroring port on a switch
  • a transparent inline traffic pass-through server

In all three configurations, the sensor collects suspicious events and passes them to the “Server”.

The “server” collects and stores all the events received from the “sensor” and produces visual reports through its web interface.
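To make the sensor/server split concrete, here is an added example (written for this post, not Maltrail’s own code) of the two roles in miniature: a sensor that loads “trails” (IP addresses, networks, domains and URL fragments) from several labelled list sources, matches constructed flow records against them, and a collector that aggregates the resulting events per source and per trail the way a reporting server would. The feed names, list contents and flow records are all constructed sample data using documentation-reserved IP ranges and `.example`/`.test` names; real feeds have their own formats and parsers, which this sketch omits.

```python
"""Toy trail-matching sensor and event collector (added example, not Maltrail code).

All feeds and flows below are constructed sample data, not real indicators.
"""
from __future__ import annotations

import ipaddress
from collections import Counter
from dataclasses import dataclass, field

# Constructed feeds in a simplified "source name -> lines" shape. Comments and
# blank lines are tolerated; the first source to list a trail is credited for it.
SAMPLE_FEEDS = {
    "public_blocklist": ["# comment line", "198.51.100.23", "203.0.113.0/24", ""],
    "av_feed": ["bad-cdn.example", "malware.test"],
    "user_defined": ["198.51.100.23  # also in the public list", "/wp-login.php"],
}


@dataclass
class Trails:
    ips: dict[ipaddress.IPv4Address, str] = field(default_factory=dict)
    networks: list[tuple[ipaddress.IPv4Network, str]] = field(default_factory=list)
    domains: dict[str, str] = field(default_factory=dict)
    url_fragments: dict[str, str] = field(default_factory=dict)


def load_trails(feeds: dict[str, list[str]]) -> Trails:
    """Normalise every feed line into one of the four trail types."""
    trails = Trails()
    for source, lines in feeds.items():
        for raw in lines:
            line = raw.split("#", 1)[0].strip().lower()  # drop comments/whitespace
            if not line:
                continue
            if line.startswith("/"):  # URL path fragment
                trails.url_fragments.setdefault(line, source)
                continue
            try:
                if "/" in line:  # CIDR network
                    trails.networks.append((ipaddress.IPv4Network(line, strict=False), source))
                else:  # single address
                    trails.ips.setdefault(ipaddress.IPv4Address(line), source)
                continue
            except ValueError:
                pass  # not an IP: treat as a domain name
            trails.domains.setdefault(line.rstrip("."), source)
    return trails


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    dst_port: int
    domain: str | None = None     # e.g. from a DNS query or HTTP Host header
    url_path: str | None = None   # e.g. from an HTTP request line


@dataclass(frozen=True)
class Event:
    src_ip: str   # the internal host that triggered the event
    trail: str    # the list entry that matched
    source: str   # which feed supplied it
    reason: str


def match_domain(domain: str, trails: Trails) -> tuple[str, str] | None:
    """Walk up the labels so a listed parent domain also covers its subdomains."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):  # stop before a bare TLD
        candidate = ".".join(labels[i:])
        if candidate in trails.domains:
            return candidate, trails.domains[candidate]
    return None


def inspect(flow: Flow, trails: Trails) -> list[Event]:
    """Sensor side: return every trail hit for one flow record."""
    events: list[Event] = []
    try:
        dst = ipaddress.IPv4Address(flow.dst_ip)
    except ValueError:
        dst = None
    if dst is not None:
        if dst in trails.ips:
            events.append(Event(flow.src_ip, str(dst), trails.ips[dst], "destination IP is listed"))
        else:
            for net, source in trails.networks:
                if dst in net:
                    events.append(Event(flow.src_ip, str(net), source, "destination IP in listed network"))
                    break
    if flow.domain and (hit := match_domain(flow.domain, trails)):
        events.append(Event(flow.src_ip, hit[0], hit[1], f"domain {flow.domain} matches listed trail"))
    if flow.url_path:
        for frag, source in trails.url_fragments.items():
            if frag in flow.url_path.lower():
                events.append(Event(flow.src_ip, frag, source, "URL path contains listed fragment"))
    return events


class Collector:
    """Server side: store events and summarise them for a report."""

    def __init__(self) -> None:
        self.events: list[Event] = []

    def ingest(self, events: list[Event]) -> None:
        self.events.extend(events)

    def report(self) -> dict:
        return {
            "total": len(self.events),
            "by_source": dict(Counter(e.source for e in self.events)),
            "by_trail": dict(Counter(e.trail for e in self.events)),
            "hosts": sorted({e.src_ip for e in self.events}),
        }


# Constructed flows: two hits on the public list, one on the user list, one on
# the AV feed, plus two clean flows (a bare TLD and an unlisted domain).
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "198.51.100.23", 443),
    Flow("10.0.0.5", "203.0.113.77", 80, url_path="/wp-login.php"),
    Flow("10.0.0.9", "192.0.2.10", 53, domain="cdn.bad-cdn.example"),
    Flow("10.0.0.9", "192.0.2.10", 53, domain="example"),
    Flow("10.0.0.7", "192.0.2.10", 443, domain="clean.example.org"),
]


def run_sensor(flows: list[Flow], feeds: dict[str, list[str]] = SAMPLE_FEEDS) -> Collector:
    """Load trails once, inspect every flow, hand all events to the collector."""
    trails = load_trails(feeds)
    collector = Collector()
    for flow in flows:
        collector.ingest(inspect(flow, trails))
    return collector


if __name__ == "__main__":
    print(run_sensor(SAMPLE_FLOWS).report())
```

The domain check walks up the label hierarchy so that listing `bad-cdn.example` also flags `cdn.bad-cdn.example`, while the loop bound prevents a bare TLD from ever matching; the IP check tries exact addresses before CIDR ranges so the more specific trail is credited. Each event keeps the feed that supplied the trail, which is what lets a server-side report break detections down by public list, AV feed or user-defined entry.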

More information about Maltrail, including download and installation instructions, is available on Maltrail’s GitHub page.
