PAS-17: Configuration Option for Passive Only Checks

Issue Information

Issue Type: New Feature
Priority: Major
Status: Closed

Reported By: Ben Tasker
Assigned To: Ben Tasker
Project: PCAP Analysis Script (PAS)
Resolution: Done (2015-11-27 13:12:20)
Affects Version: 0.1
Target version: 0.1
Components: Configuration Options

Created: 2015-11-26 18:14:33
Time Spent Working
30 minutes
25 minutes
5 minutes

The script is almost entirely passive, but does do reverse lookups on observed IPs.

It would be possible to generate traffic from a "canary" IP if the block was delegated to your name server. If a PTR request is received for that IP then someone is taking an interest in your traffic.

So should introduce a config option to allow the script to be limited to truly passive analysis


Have added a new configuration option - PASSIVE_ONLY

Where it has a non-zero value, only truly passive checks will be run. At the moment that simply means the PTRs on associated IPs won't happen, but obviously in the future there may be more to it than that.
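
The gate described above, as an added shell example that is not the project's own code: reverse lookups run only when PASSIVE_ONLY is 0, so no PTR query reaches a canary's name server in passive mode. Only the PASSIVE_ONLY name comes from this issue; `annotate_ips`, `is_passive`, `PTR_RESOLVER` and `default_ptr_resolver` are hypothetical names.

```shell
# Added example: keep every active lookup behind one PASSIVE_ONLY check.
# Only PASSIVE_ONLY comes from the issue; all other names are hypothetical.

PASSIVE_ONLY="${PASSIVE_ONLY:-0}"
# The resolver is injectable so the gate can be exercised without a network.
PTR_RESOLVER="${PTR_RESOLVER:-default_ptr_resolver}"

default_ptr_resolver() {
    # A real reverse lookup: this emits a DNS query that whoever runs the
    # reverse zone for the address (e.g. a canary IP) can observe.
    dig +short -x "$1" | head -n 1
}

is_passive() {
    # Any value other than 0 (or unset/empty) enables passive-only mode.
    [ "${PASSIVE_ONLY:-0}" != "0" ]
}

annotate_ips() {
    # Reads one observed IP per line on stdin, writes "ip<TAB>name".
    # Duplicates are collapsed so each address is queried at most once.
    sort -u | while IFS= read -r ip; do
        [ -n "$ip" ] || continue
        if is_passive; then
            name="-"    # passive: the resolver is never invoked
        else
            name="$("$PTR_RESOLVER" "$ip")"
            [ -n "$name" ] || name="-"
        fi
        printf '%s\t%s\n' "$ip" "$name"
    done
}
```

Feed it the unique addresses extracted from the capture, for instance `annotate_ips < observed_ips.txt`, where the file name is a placeholder.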

Repo: PCAPAnalyseandReport
Commit: ff51a1bb4aaf5b266c5f05cc9fcc88dd6b98f5f0
Author: Ben Tasker <github@<Domain Hidden>>

Date: Fri Nov 27 12:48:12 2015 +0000
Commit Message: Added PASSIVE_ONLY configuration option. See PAS-17

btasker changed timespent from '0 minutes' to '5 minutes'
btasker changed status from 'Open' to 'Resolved'
btasker added 'Done' to resolution
btasker changed status from 'Resolved' to 'Closed'
Re-opening to assign a component
btasker removed 'Done' from resolution
btasker changed status from 'Closed' to 'Reopened'
btasker changed status from 'Reopened' to 'Resolved'
btasker added 'Done' to resolution
btasker changed status from 'Resolved' to 'Closed'

Work log

Ben Tasker
2015-11-27 12:49:49

Time Spent: 5 minutes
Log Entry: Implementing and documenting