Colasoft Announces Release of nChronos Network Performance Analysis System v5.6

August 9, 2019

Chengdu, China, August 8, 2019 - Colasoft Co., Ltd, a visionary provider of network performance analysis and diagnostics solutions, today announced the launch of nChronos Network Performance Analysis Solution v5.6. nChronos is designed for 24×7 network packet capture, analysis and storage, is dedicated to the sustainable, efficient and safe running of networks, and provides a reliable data basis for determining constructive suggestions for enterprise profit growth.

Customer requirements for usability of nChronos drove the demand for the new version. With nChronos v5.6, users can quickly drill down to locate the data they want to check, and analyze traffic in an individual window. The new version also provides sublink configuration with 7 types, and adds a new burst alarm type to improve usability.

“Nowadays, the network not only supports the business, but also drives the business. Network administrators need to see, manage and act on the network,” said Kang Lin, CEO of Colasoft. “Obviously, they need a visible, fast, and easy to use NPMD solution. That is what nChronos is delivering for enterprise customers.”

The latest release of nChronos features:

  • Add custom analysis in new window.
  • Physical address supports virtual interface configuration.
  • Custom application analysis and application alarm for Netflow traffic.
  • Add sublinks for VLAN, VXLAN, MPLS VPN, ISL VLAN and network segment.
  • Add burst alarm type.
  • Traffic alarms support setting metric key value.
  • Add new metrics, including bps 95p peak, client IP quantity, slow connections and 0 window delay.
  • Add 1-minute baseline for links and applications on two metrics, total conversations and new conversations.

An evaluation version of nChronos v5.6 is available for download at http://www.colasoft.com/download/products/nchronos.php

Detect Brute-Force Attacks With nChronos Network Security Forensic Analysis Tool

March 29, 2016

Brute-force attacks are commonly known attack methods by which hackers try to get access to restricted accounts and data using an exhaustive list/database of usernames and passwords. Brute-force attacks can be used, in theory, against almost any encrypted data.

When it comes to user accounts (web based or system based), the first sign of a brute-force attack is multiple attempts to log in to an account, so we can detect a brute-force attack by analyzing packets that contain such events. We’ll show you how Colasoft’s nChronos can be used to identify brute-force attacks and obtain valuable information that can help discover the identity of the attacker, plus more.

For an attacker to obtain access to a user account on a website via brute force, he is required to use the site’s login page, causing an alarming amount of login attempts from his IP address. nChronos is capable of capturing such events and triggering a transaction alarm, warning system administrators of brute-force attacks and when the triggering condition was met.

CREATING A TRANSACTION ANALYSIS & ALARM IN NCHRONOS

First, we need to create a transaction analysis to specify the pattern/behavior we are interested in monitoring:

From the nChronos main page, first select the server/IP address we want to monitor from the Server Explorer section.

Next, from the Link Properties, go to the Application section and then the Analysis Settings as shown below:

Figure 1. Creating a Transaction Analysis in nChronos

Now click the New Web Application button (second green button at the top) to set up a Web Application, input the Name and HTTP Hostname, then check the box labeled Enable Transaction Analysis and add a transaction with a URL subpath, e.g. “/login.html”.

At this point we’ve created the necessary Transaction Analysis. All that’s required now is to create the Transaction Alarm.

To create the alarm, click Transaction Alarms in the left window, input the basic information, choose Transaction Statistics as the Type, and then set a Triggering Condition as needed, for example, 100 times in 1 minute. This means that the specific alarm will activate as soon as there are 100 or more logins within a minute:

Figure 2. Creating a Transaction Alarm

Finally, you can choose Send to email box or Send to SYSLOG to send the alarm notification. Once complete, the transaction alarm for detecting brute-force attacks is set. When the alarm triggering condition is met, an email notification is sent.

Note that the specific alarm triggering condition does not examine the number of logins per IP address, which means the alarm condition will be met regardless of whether the 100 login attempts/min come from one or more individual IP addresses. This can be manually changed from the Transaction Analysis so that it shows the number of login attempts from each individual IP address.

Below is a sample output from an alarm triggered:

Figure 3. nChronos Brute-Force alarm triggered – Overall report

And below we see the same alarm with a per-IP address analysis:

Figure 4. nChronos Brute-Force alarm triggered – IP breakdown
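The difference between the overall alarm and the per-IP breakdown can be reproduced outside the tool. The following is an added example, not nChronos code or part of the original article: it models the "100 times in 1 minute" condition as a sliding window over constructed request records, counted once across all sources and once per source address. The function names and the sample traffic are assumptions made for illustration.

```python
from collections import defaultdict, deque

LOGIN_PATH = "/login.html"  # URL subpath used for the transaction in the article
THRESHOLD = 100             # triggering condition from the article: 100 times ...
WINDOW_S = 60               # ... in 1 minute

def peak_counts(events, per_ip, window_s=WINDOW_S):
    """Highest number of login requests seen in any sliding window.

    events: iterable of (epoch_seconds, src_ip, url_path).
    per_ip=False pools every source under the key "*" (the overall alarm);
    per_ip=True keeps one window per source address (the IP breakdown).
    """
    windows, peak = defaultdict(deque), defaultdict(int)
    for ts, src, path in sorted(events):
        if path != LOGIN_PATH:
            continue                      # only the monitored transaction counts
        key = src if per_ip else "*"
        q = windows[key]
        q.append(ts)
        while ts - q[0] >= window_s:      # drop requests older than the window
            q.popleft()
        peak[key] = max(peak[key], len(q))
    return dict(peak)

def alarms(events, per_ip, threshold=THRESHOLD):
    """Keys whose peak window count meets the triggering condition."""
    counts = peak_counts(events, per_ip)
    return sorted(k for k, n in counts.items() if n >= threshold)

def constructed_traffic():
    """Constructed sample records (not a capture), using documentation ranges."""
    t0 = 1_700_000_000
    # One address sending 120 login requests within a minute.
    single = [(t0 + i * 0.5, "203.0.113.7", LOGIN_PATH) for i in range(120)]
    # 150 different addresses, one login each within 50 seconds.
    many = [(t0 + 1000 + i / 3, f"10.0.0.{i + 1}", LOGIN_PATH) for i in range(150)]
    return single, many

if __name__ == "__main__":
    single, many = constructed_traffic()
    for name, ev in (("single source", single), ("many sources", many)):
        print(name, "overall:", alarms(ev, per_ip=False),
              "per-IP:", alarms(ev, per_ip=True))
```

Both constructed patterns raise the overall alarm, but only the single-source pattern survives the per-IP count, which is why the IP breakdown is the view to check before treating an alert as a brute-force attempt.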

The article shows how nChronos can be used to successfully detect a brute-force attack against any node on a network or even websites, and at the same time alert system administrators or IT managers of the event. If you’re a network administrator, network engineer or IT manager, we strongly suggest you try out Colasoft nChronos today and see how easily you can troubleshoot network problems, proactively obtain alerts on unusual network traffic and monitor your network around the clock.

from: http://www.firewall.cx/general-topics-reviews/colasoft/nchronos-forensic-analysis/1139-nchronos-brute-force-attack-detection.html