ntop / nProbe

Open source components and extensions for nProbe
http://ntop.org
GNU General Public License v2.0

Load blacklisted IPs in nProbe IPS #512

Open krakrenterprises opened 3 years ago

krakrenterprises commented 3 years ago

I have tried to add another marker for Malware (2); however, when I restart nProbe, no marks are being listed.

Pool definition

{"pool":{"id":1,"name":"Local Networks","ip": [ "10.0.0.0/8", "172.0.0.0/8", "216.174.159.90/32" ], "mac": []},"policy": {"id": 1} }

Continents: Africa / Asia-Pacific / Europe / North America / South America

Policy definition

{"policy":{"id":0,"name":"root policy rule", "default_marker": "pass", "markers": { "categories": { "Malware": 2 }, "protocols": { }, "countries": { }, "asn" : { }, "continents" : { } } } }
{"policy":{"id":1,"name":"root policy rule", "default_marker": "pass", "markers": { "categories": { "Malware": 2, "Network": 7, "Web": 5, "Download": 8, "VPN": 6, "Video": 9, "Music": 9, "Streaming": 9, "Media": 9, "Game": 3, "SocialNetwork": 4 }, "protocols": { }, "countries": { }, "ip" : { "216.174.159.3": 7 }, "continents" : { } } } }

GeoIP

{ "geoip": { "asn": "/usr/share/ntopng/httpdocs/geoip//dbip-asn-lite.mmdb", "city": "/usr/share/ntopng/httpdocs/geoip//dbip-country-lite.mmdb" }}

krakrenterprises commented 3 years ago

root@shaper:/home/krakr# conntrack -L -m 2
conntrack v1.4.5 (conntrack-tools): 0 flow entries have been shown.

krakrenterprises commented 3 years ago

malware

krakrenterprises commented 3 years ago

Other marks working correctly.

simonemainardi commented 3 years ago

My guess is that, in this case, it is ntopng that determines and assigns the "Malware" category, using its blacklists. nProbe/nDPI aren't aware of blacklists and thus they can't say/mark Malware. @lucaderi can you please confirm.

lucaderi commented 3 years ago

@simonemainardi Correct. In essence, @krakrenterprises, you would like us to enhance nProbe to load blacklisted IPs?

krakrenterprises commented 3 years ago

That would be a good feature for a future release of nProbe.
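Until nProbe can load blacklists itself, the policy format quoted in this issue already offers a per-IP marker map ("markers" -> "ip": {"<address>": <marker>}), which is how "216.174.159.3" is marked 7 above. The script below is an added example, not nProbe or ntopng code: it reads a blacklist (one address or prefix per line, "#" comments allowed), validates every entry with Python's ipaddress module, and merges the accepted hosts into the "ip" marker map of a policy with the marker the user wanted for Malware (2), rendering the result as one JSON object per line like the policy file shown above. Assumptions: the sample blacklist is constructed, not a real feed; the issue does not say whether nProbe accepts CIDR prefixes inside the "ip" map, so small prefixes are expanded to single addresses and anything larger is reported for manual review rather than silently inserted; explicit marks already present in the policy are kept, so a hand-written entry is never overwritten by the feed.

```python
"""Merge a blacklist into the per-IP marker map of an nProbe IPS policy.

Added example for this issue; not part of nProbe or ntopng.
The policy shape ("policy" -> "markers" -> "ip": {"<ip>": <marker>}) is
taken from the policy definitions quoted in the issue.  Whether nProbe
accepts CIDR prefixes in that map is not stated there (assumption), so
prefixes are expanded to single addresses or rejected.
"""
import ipaddress
import json

# Constructed sample feed (not a real blacklist): hosts, a small prefix,
# an IPv6 host, a trailing comment and one malformed entry.
SAMPLE_BLACKLIST = """
# constructed test feed
203.0.113.7
203.0.113.8   # trailing comment
198.51.100.0/30
not-an-ip
2001:db8::1
"""

# The user's policy 1 from the issue, with the category list shortened.
BASE_POLICY = {
    "policy": {
        "id": 1,
        "name": "root policy rule",
        "default_marker": "pass",
        "markers": {
            "categories": {"Malware": 2},
            "protocols": {},
            "countries": {},
            "asn": {},
            "ip": {"216.174.159.3": 7},
            "continents": {},
        },
    }
}


def parse_blacklist(text, max_prefix_hosts=256):
    """Return (accepted, rejected).

    accepted: de-duplicated host addresses, in feed order; prefixes with at
              most max_prefix_hosts addresses are expanded to every address
              they cover (a blacklist wants the whole range, not just the
              usable hosts).
    rejected: tokens that are not valid addresses/prefixes, or prefixes too
              large to enumerate, left for a human to review.
    """
    accepted, rejected, seen = [], [], set()
    for raw in text.splitlines():
        token = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not token:
            continue
        try:
            # strict=False tolerates host bits set in a prefix such as 10.1.2.3/24
            net = ipaddress.ip_network(token, strict=False)
        except ValueError:
            rejected.append(token)
            continue
        if net.num_addresses > max_prefix_hosts:
            rejected.append(token)
            continue
        for addr in net:
            s = str(addr)
            if s not in seen:
                seen.add(s)
                accepted.append(s)
    return accepted, rejected


def build_policy(base_policy, blacklist_text, marker):
    """Return (policy, rejected): a deep copy of base_policy whose
    markers->ip map additionally marks every accepted blacklist host with
    `marker`.  Entries already present in the policy are left untouched."""
    policy = json.loads(json.dumps(base_policy))  # deep copy, base stays pristine
    ip_markers = policy["policy"]["markers"].setdefault("ip", {})
    accepted, rejected = parse_blacklist(blacklist_text)
    for ip in accepted:
        ip_markers.setdefault(ip, marker)
    return policy, rejected


def render_policy_line(policy):
    """Serialise one policy as a single JSON line, matching the one-object-
    per-line layout of the policy file quoted in the issue."""
    return json.dumps(policy, separators=(", ", ": "))


if __name__ == "__main__":
    policy, rejected = build_policy(BASE_POLICY, SAMPLE_BLACKLIST, marker=2)
    print(render_policy_line(policy))
    for token in rejected:
        print("# review manually, not loaded:", token)
```

After the generated line replaces policy 1 in the nProbe policy file and nProbe is restarted, the check is the one the reporter already used: `conntrack -L -m 2` should start listing flows to the blacklisted addresses once traffic to them is seen, which is the observable difference between a marker nProbe applies itself and the ntopng-side "Malware" category that never reaches conntrack.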