Hi Dan,
nDPI detects some common mining protocols, please check out
https://github.com/ntop/nDPI/commit/c6b427c2521c0916866f932ea1db43334a01b2f4
Moreover, ntopng detects mining hosts by using this list:
https://github.com/ntop/ntopng/blob/dev/httpdocs/other/lists/web_mining.txt
The list is currently not updated although it will update
automatically in the future. You will probably find the IP address of
the host in the text file above.
Regards,
Emanuele
On 1/18/19 6:23 AM, Dan Craciun wrote:
Hi,
I see we have an "Alerts dashboard" where, for now, I could only see
that one computer was infected with an app that did some webmining.
What rules does ntop/ndpi use for those flow alerts? Can I load snort
rules?
Thank you.
Best regards,
Dan Craciun
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop