PAS-17: Configuration Option for Passive Only Checks



Issue Information

Issue Type: New Feature
 
Priority: Major
Status: Closed

Reported By: Ben Tasker
Assigned To: Ben Tasker
Project: PCAP Analysis Script (PAS)
Resolution: Done (2015-11-27 13:12:20)
Affects Version: 0.1
Target version: 0.1
Components: Configuration Options

Created: 2015-11-26 18:14:33
Time Spent Working
Estimated: 30 minutes
Remaining: 25 minutes
Logged: 5 minutes


Description
The script is almost entirely passive, but does do reverse lookups on observed IPs.

It would be possible to generate traffic from a "canary" IP if the block was delegated to your name server. If a PTR request is received for that IP then someone is taking an interest in your traffic.

So should introduce a config option to allow the script to be limited to truly passive analysis.



Activity


Have added a new configuration option for config.sh - PASSIVE_ONLY

Where it has a non-zero value, only truly passive checks will be run. At the moment that simply means the PTRs on associated IPs won't happen, but obviously in the future there may be more to it than that.
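
One way such a gate can look in shell, as an added example that is not taken from PCAP_Analysis.sh: `PASSIVE_ONLY` is the option named above, while `annotate_ips`, `passive_only_enabled`, `PTR_LOOKUP_CMD` and the sample addresses are hypothetical names and constructed values. It assumes that any value other than a literal `0` counts as non-zero, so a mistyped setting keeps the run passive.

```shell
#!/bin/sh
# Added illustration, not code from PCAP_Analysis.sh. Only PASSIVE_ONLY comes
# from the ticket; every other name below is hypothetical.

# Constructed sample input (RFC 5737 documentation addresses, one duplicate).
SAMPLE_IPS='192.0.2.10
198.51.100.7
192.0.2.10'

# Hypothetical hook: the command that performs the reverse lookup. Keeping it
# overridable lets the gate be tested without sending any DNS traffic.
PTR_LOOKUP_CMD=${PTR_LOOKUP_CMD:-ptr_lookup_dig}

ptr_lookup_dig() {
    # dig -x builds the in-addr.arpa / ip6.arpa name and queries its PTR record
    dig +short -x "$1" 2>/dev/null | head -n 1
}

# Returns 0 (true) when only passive checks may run.
passive_only_enabled() {
    # Unset or empty means 0. Anything other than a literal 0 counts as
    # non-zero, so a typo in config.sh fails closed (stays passive).
    case "${PASSIVE_ONLY:-0}" in
        0) return 1 ;;
        *) return 0 ;;
    esac
}

# Reads one IP per line on stdin, writes "ip<TAB>name" once per distinct IP.
annotate_ips() {
    sort -u | while IFS= read -r ip; do
        [ -n "$ip" ] || continue
        name="-"
        if ! passive_only_enabled; then
            # Active step: this query is visible to whoever runs the
            # authoritative name server for the address block.
            name=$("$PTR_LOOKUP_CMD" "$ip")
            [ -n "$name" ] || name="-"
        fi
        printf '%s\t%s\n' "$ip" "$name"
    done
}
```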

Repo: PCAPAnalyseandReport
Commit: ff51a1bb4aaf5b266c5f05cc9fcc88dd6b98f5f0
Author: Ben Tasker <github@<Domain Hidden>>

Date: Fri Nov 27 12:48:12 2015 +0000
Commit Message: Added PASSIVE_ONLY configuration option. See PAS-17



Modified (-)(+)
-------
Docs/OverridingConfiguration.md
PCAP_Analysis.sh




Webhook User-Agent

GitHub-Hookshot/333881f



btasker changed timespent from '0 minutes' to '5 minutes'
btasker changed status from 'Open' to 'Resolved'
btasker added 'Done' to resolution
btasker changed status from 'Resolved' to 'Closed'
Re-opening to assign a component
btasker removed 'Done' from resolution
btasker changed status from 'Closed' to 'Reopened'
btasker changed status from 'Reopened' to 'Resolved'
btasker added 'Done' to resolution
btasker changed status from 'Resolved' to 'Closed'

Work log


Ben Tasker
2015-11-27 12:49:49

Time Spent: 5 minutes
Log Entry: Implementing and documenting