2022-10-26 12:32:08 by Thomas Klausner | Files touched by this commit (687) |
Log message:
*: bump PKGREVISION for libunistring shlib major bump
|
2022-04-18 21:12:27 by Adam Ciarcinski | Files touched by this commit (1798) | |
Log message:
revbump for textproc/icu update
|
2022-03-30 11:46:07 by Thomas Klausner | Files touched by this commit (3) |
Log message:
ntopng: patch out unportable test(1) operator to fix build
|
2022-03-28 21:32:25 by Adam Ciarcinski | Files touched by this commit (7) | |
Log message:
ntopng: updated to 5.2.1
ntopng 5.2 (February 2022)
Breakthroughs
* New ClickHouse support for storing historical data, replacing nIndex support \
(data migration available)
* Advanced Historical Flow Explorer, with the ability to define custom queries \
using JSON-based configurations
* New Historical Data Analysis page (including Score, Applications, Alerts, AS \
analysis), with the ability to define custom reports with charts
* Enhanced drill down from charts and historical flow data and alerts to PCAP data
* nEdge support for Ubuntu 20
* Enhanced support for Observation Points
Improvements
* Improve CPU utilization and memory footprint
* Improve historical data retention management for flows and timeseries
* Improve periodic activities handling, with support for strict and relaxed \
(delayed) tasks
* Improve filtering and analysis of the historical flows
* Improve alert explorer and filtering
* Improve Enterprise dashboard look and feel
* Improve the speedtest support and servers selection
* Improve support for ping and continuous ping (ICMP) for active monitoring
* Improve flow-direction handling
* Improve localization (including DE and IT translations)
* Improve IPS policies management
* Add IPS activities logging (e.g. block, unblock)
* Improve SNMP support
* Optimize polling of SNMP devices
* Improve SNMP v3 support
* Add more information including version
* Stateful SNMP alert to detect too many MACs on non-trunk
* Perform fat MIBs poll on average every 15 minutes
* Add preference to disable polling of SNMP fat MIBs
* Add more information to the historical flow data, including Latency, AS, \
Observation Points, SNMP interface, Host Pools
* Add detailed view of historical flows and alerts
* Add support for nProbe field L7_INFO
* Add ICMP flood alert
* Add Checks exclusion settings for subnets and for hosts and domains globally
* Add CDP support
* Add more regression tests
* Add support for obsolete client SSH version
* Add support for ERSPAN version 2 (type III)
* Add support for all the new nDPI Flow Risks added in nDPI 4.2
* Add extra info to service and periodicity map hosts
* Add Top Sites check
* REST API
* Getter for the bridge MIB
* Getter for LLDP adjacencies
* Check for BPF filters
* Score charts timeseries and analysis
Changes
* Encapsulated traffic is accounted for the lenght of the encapsulated packet \
and not of the original packet
* Remove nIndex support, including the flow explorer
* Remove MySQL historical flow explorer (export only)
* Hide LDAP password from logs
Fixes
* Fix a few memory leaks, double free, buffer overflow and invalid memory access
* Fix SQLite initialization
* Fix support for fragmented packets
* Fix IP validation in modals
* Fix netplan configuration manager
* Fix blog notifications
* Fix time range picker to support all browsers
* Fix binary application transfer name in alerts
* Fix glitches in chart drag operations
* Fix pools edit/remove
* Fix InfluxDB timeseries export
* Fix ELK memory leak
* Fix TLS version for obsolete TLS alerts when collecting flows
* Fix fields conversion in timeseries charts filters
* Fix some invalid nProbe field mapping
* Fix hosts Geomap
* Fix slow shutdown termination
* Fix wrong Call-ID 0 with RTP streams with no SIP stream associated
* Fix ping support for FreeBSD
* Fix active monitoring interface list
* Fix host names not always shown
* Fix host pools stats
* Fix UTF8 encoding issues in localization tools
* Fix time/timezone in forwarded syslog messages
* Fix unknown process alert
* Fix nil DOM javascript error
* Fix country not always shown in flow alerts
* Fix non-initialized traffic profiles
* Fix traffic profiles not working over ZMQ
* Fix syslog collection
* Fix async SNMP calls blocking the execution
* Fix CPU stats timeseries
* Fix InfluxDB attempts to alwa re-create retention policies
* Fix REST API ts.lua returning 24h data
* Fix processing of DNS packets under certain conditions
* Fix invalid space in SNMP Hostnames
* Fix REST API incompat. (/get/alert/severity/counters.lua, \
/get/alert/type/counters.lua)
* Fix map layout not saved correctly
* Fix LLDP topology for Juniper routers
* Fix not authorized error when editing SNMP devices
* Fix double 95perc, splitted avg and 95perc in sent/rcvd in charts
* Fix inconsistent local/remote timeseries
* Fix Risks generation in IPS policy configuration
* Fix deletion of sub-interface
* Fix deadline not honored when monitoring SNMP devices
* Fix traffic profiles on L7 protocols
* Fix TCP connection refused check
* Fix failures when the DB is not reacheable
* Fix segfault with View interfaces
* Fix hosts wrongly detected as Local
* Fix missing throughputs in countries
Misc
* Enforces proxy exclusions with env var `no_proxy`
* Move Lua engine to 5.4
* Major code review and cleanup
nEdge
* Add support for Ubuntu 20
* Add ability to logout when using the Captive Portal
* Add per egress interface stats and timeseries
* Add active DHCP leases in UI and REST API
* Add daily/weekly/monthly quotas
* Add service and periodicity maps and alerts
* Fix Captive Portal not working due to invalid allowed interface
* Fix addition of static DHCP leases
* Fix factory reset
* Fix reboot button
ntopng 5.0 (August 2021)
Breakthroughs
* Advanced alerts engine with security features, including the detection of \
[attackers and \
victims](https://www.ntop.org/ntopng/how-attackers-and-victims-detection-works-in-ntopng/)
* Integration of 30+ [nDPI security \
risks](https://www.ntop.org/ndpi/how-to-spot-unsafe-communications-using-ndpi-flow-risk-score/)
* Generation of the `score` [indicator of \
compromise](https://www.ntop.org/ntopng/what-is-score-and-how-it-can-drive-you-towards-network-issues/) \
for hosts, interfaces and other network elements
* Ability to collect flows from hundredths of routers by means of [observation \
points](https://www.ntop.org/nprobe/collecting-flows-from-hundred-of-routers-using-observation-points/)
* Anomaly detection based on Double Exponential Smoothing (DES) to uncover \
possibly suspicious behaviors in the traffic and in the score
* Encrypted Traffic Analysis (ETA) with special emphasis on the TLS to uncover \
self-signed, expired, invalid certificates and other issues
New features
* Ability to configure alert exclusions for individual hosts to mitigate false \
positives
* FreeBSD / OPNsense / pfSense [packages](https://packages.ntop.org/)
* Ability to see the TX/RX traffic breakdown both for physical interfaces and \
when receiving traffic from nProbe
* Add support for ECS when exporting to Syslog
* Improved TCP analysis, including analysis of TCP flows with zero window and \
low goodput
* Ability to send alerts to Slack
* Implementation of a token-based REST API access
Improvements
* Reworked the execution of hosts and flows checks (formerly user scripts), \
yielding a reduced CPU load of about 50%
* Improved 100Kfps+ [NetFlow/sFlow collection \
performance](https://www.ntop.org/nprobe/netflow-collection-performance-using-ntopng-and-nprobe/)
* Drilldown of \
[nIndex](https://www.ntop.org/guides/ntopng/advanced_features/flows_dump.html#nindex) \
historical flows much more flexible
* Migration to Bootstrap 5
* Check malicious JA3 signatures against all TLS-based protocols
* Reworked Doh/DoT handling
Fixes
* Fixes SSRF and stored-XSS injected with malicious SSDP responses
* Fixes several leaks in NetworkInterface
Notes
* To ensure optimal performance and scalability and to prevent uneven resource \
utilization, the maximum number of interfaces handled by a single ntopng \
instance has been reduced to
* 16 (Enterprise M)
* 32 (Enterprise L)
* 8 (all other versions)
* REST API v1/ is deprecated and will be dropped in the next stable release in \
favor of REST API v2/
* The old alerts dashboard has been removed and replaced by an advanced alerts \
drilldown page with integrated charts
|
2021-12-08 17:07:18 by Adam Ciarcinski | Files touched by this commit (3063) |
Log message:
revbump for icu and libffi
|
2021-10-26 13:07:15 by Nia Alarie | Files touched by this commit (958) |
Log message:
net: Replace RMD160 checksums with BLAKE2s checksums
All checksums have been double-checked against existing RMD160 and
SHA512 hashes
Not committed (merge conflicts...):
net/radsecproxy/distinfo
The following distfiles could not be fetched (fetched conditionally?):
./net/citrix_ica/distinfo citrix_ica-10.6.115659/en.linuxx86.tar.gz
./net/djbdns/distinfo dnscache-1.05-multiple-ip.patch
./net/djbdns/distinfo djbdns-1.05-test28.diff.xz
./net/djbdns/distinfo djbdns-1.05-ignoreip2.patch
./net/djbdns/distinfo djbdns-1.05-multiip.diff
./net/djbdns/distinfo djbdns-cachestats.patch
|
2021-10-07 16:43:07 by Nia Alarie | Files touched by this commit (962) |
Log message:
net: Remove SHA1 hashes for distfiles
|
2021-09-29 21:01:31 by Adam Ciarcinski | Files touched by this commit (872) |
Log message:
revbump for boost-libs
|
2021-06-23 22:33:18 by Nia Alarie | Files touched by this commit (103) |
Log message:
Revbump for MySQL default change
|
2021-06-23 21:34:15 by Adam Ciarcinski | Files touched by this commit (7) | |
Log message:
ntopng: updated to 4.2
4.2 Stable
Breakthroughs
Flexible Alert Handling
Added recipients and endpoints to send alerts to different recipients on \
different channels, including email, Discord, Slack and Elasticsearch
Initial SCADA protocol support
Many internal components of ntopng have been rewritten in order to improve the \
overall ntopng performance, reduce system load, and capable of processing more \
data while reducing memory usage with respect to 4.0.
Cybersecurity extensions have been greatly enhanced by leveraging on the latest \
nDPI enhancements that enabled the creation of several user scripts able to \
supervise many security aspects of modern systems.
Behavioral traffic analysis and lateral traffic movement detection for finding \
cybersecurity threats in traffic noise.
Initial Scada support with native IEC 60870-5-104 support. We acknowledge \
switch.ch for having supported this development.
Consolidation of Suricata and external alerts integration to further open ntopng \
to the integration of commercial security devices.
SNMP support has been enhanced in terms of speed, SNMPv3 protocol support, and \
variety of supported devices.
New REST API that enabled the integration of ntopng with third party \
applications such as CheckMK.
New features
Traffic Behavioral Analysis
Periodic Traffic
Lateral Movements
TLS with self-signed certificates, issuerDN, subjectDN
Support for Industrial IOT and Scada with modbus, DNP3 and IEC60870
Support for attack mitigation via SNMP
Active monitoring
Support for ICMP v4/v6, HTTP, HTTPS and Speedtest
Ability to generate alerts upon unreachable or slow hosts or services
Detection of unexpected servers
DHCP, NTP, SMTP, DNS
Services map
nIndex direct to maximixe flows dump performance
MacOS package
Improvements
Implements per-category indicator of compromise score
Flexible configuration import/export/reset
Ability to import/export/reset all the ntopng configurations or parts of it
Increased nIndex dump throughput by a factor 10
Increased user scripts execution throughput
Massive cleanup/simplifications of plugins to ease community contributions
Improved cardinality estimation (e.g., number of contacted hosts, number of \
contacted ports) using Hyper-Log-Log
Added DSCP information
Reworked handling of dissected virtual hosts to improve speed and reduce memory
nEdge
Support for hardware bypass
Fixes
Fixed race conditions in view interfaces
Fixed crash when restoring serialized hosts in memory
Fixed conditions causing high CPU load
Fixes CSRF vulnerabilities when POSTing JSON
Fixes heap-use-after-free on HTTP dissected last_url
|