D4-project / BGP-Ranking

Licence: AGPL-3.0 license
BGP Ranking is free software to calculate the security ranking of Internet Service Providers (by AS number)

BGP Ranking

For an Internet Service Provider, AS numbers are the logical representation of the other ISPs peering or communicating with its autonomous system. ISP customers use the capacity of their Internet Service Provider to reach Internet services hosted in other ASes. Some of that traffic can be malicious (e.g. due to malware activity on end-user equipment) and the malicious endpoints are hosted in specific ASes.

To provide an improved security view of those AS numbers, a trust ranking scheme is implemented, based on existing datasets of compromised systems, malware C&C IPs and other existing datasets. BGP Ranking provides a way to collect such malicious activity, aggregate the information per ASN and apply a ranking model that orders the ASNs from the most malicious to the least malicious.

The official website of the project is: https://github.com/D4-project/bgp-ranking/

There is a public BGP Ranking at http://bgpranking.circl.lu/

BGP Ranking is free software licensed under the GNU Affero General Public License

BGP Ranking is software to rank AS numbers based on the malicious activity observed in them.

Python client

$ pip install git+https://github.com/D4-project/BGP-Ranking.git/#egg=pybgpranking\&subdirectory=client
$ bgpranking --help
usage: bgpranking [-h] [--url URL] (--asn ASN | --ip IP)

Run a query against BGP Ranking

optional arguments:
  -h, --help  show this help message and exit
  --url URL   URL of the instance.
  --asn ASN   ASN to lookup
  --ip IP     IP to lookup

History

  • The first version of BGP Ranking was done in 2010 by Raphael Vinot with the support of Alexandre Dulaunoy. CIRCL supported the project from the early beginning and setup an online version to share information about the malicious ranking of ISPs.

  • In late 2018, within the scope of the D4 Project (a CIRCL project co-funded by INEA under the CEF Telecom program), a new version of BGP Ranking was completely rewritten in Python 3.6+ with an ARDB back-end.

  • In January 2022, BGP Ranking version 2.0 was released including a new backend on kvrocks and many improvements.

Online service

BGP Ranking service is available online http://bgpranking.circl.lu/.

A Python library and a command-line client are available; by default they use the API served by bgpranking.circl.lu.

CURL Example

Get the ASN from an IP or a prefix

curl https://bgpranking-ng.circl.lu/ipasn_history/?ip=143.255.153.0/24

Response

{
  "meta": {
    "address_family": "v4",
    "ip": "143.255.153.0/24",
    "source": "caida"
  },
  "response": {
    "2019-05-19T12:00:00": {
      "asn": "264643",
      "prefix": "143.255.153.0/24"
    }
  }
}

Get the ranking of the AS

curl -X POST -d '{"asn": "5577", "date": "2019-05-19"}' https://bgpranking-ng.circl.lu/json/asn

Note: date isn't required.

Response

{
  "meta": {
    "asn": "5577"
  },
  "response": {
    "asn_description": "ROOT, LU",
    "ranking": {
      "rank": 0.0004720052083333333,
      "position": 7084,
      "total_known_asns": 15375
    }
  }
}

Get historical information for an ASN

curl -X POST -d '{"asn": "5577", "period": 5}' https://bgpranking-ng.circl.lu/json/asn_history

Response

{
  "meta": {
    "asn": "5577",
    "period": 5
  },
  "response": {
    "asn_history": [
      [
        "2019-11-10",
        0.00036458333333333335
      ],
      [
        "2019-11-11",
        0.00036168981481481485
      ],
      [
        "2019-11-12",
        0.0003761574074074074
      ],
      [
        "2019-11-13",
        0.0003530092592592593
      ],
      [
        "2019-11-14",
        0.0003559027777777778
      ]
    ]
  }
}
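The three calls above chained into one lookup (IP or prefix, then the ASN's current rank, then its history), as an added example that is not the project's own pybgpranking client. The endpoints, request bodies and response shapes are the ones shown above; sending the POST body with a `Content-Type: application/json` header is an assumption (the curl examples send no explicit type). Inputs are validated with the `ipaddress` module and an AS-number check before they are placed in a URL or body, so a stray string from a log line cannot be turned into a malformed request. The `offline_transport` fixture replays constructed responses in the page's shape, using RFC 5737 / RFC 5398 documentation values rather than real rankings, so the block runs without network access; pass no transport to query the live service.

```python
"""Query the public BGP Ranking API: IP/prefix -> ASN -> current rank -> history."""
import datetime
import ipaddress
import json
import urllib.parse
import urllib.request

BASE_URL = "https://bgpranking-ng.circl.lu"
ASN_MAX = 2**32 - 1


def normalise_asn(asn):
    """Accept 5577, '5577' or 'AS5577'; refuse anything that is not a 32-bit AS number."""
    text = str(asn).strip().upper()
    if text.startswith("AS"):
        text = text[2:]
    if not text.isdigit() or int(text) > ASN_MAX:
        raise ValueError(f"not an AS number: {asn!r}")
    return str(int(text))


def normalise_ip(ip):
    """Accept a single address or a CIDR prefix (v4 or v6) and return its canonical text."""
    ip = ip.strip()
    if "/" in ip:
        return str(ipaddress.ip_network(ip, strict=False))
    return str(ipaddress.ip_address(ip))


def http_transport(request, timeout=15):
    """Default transport: send the prepared urllib Request and return the body as text."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def _call(transport, method, path, query=None, body=None):
    url = BASE_URL + path
    if query:
        url += "?" + urllib.parse.urlencode(query)
    data, headers = None, {"Accept": "application/json"}
    if body is not None:
        data = json.dumps(body).encode("utf-8")
        headers["Content-Type"] = "application/json"  # assumption, see lead-in
    request = urllib.request.Request(url, data=data, method=method, headers=headers)
    return json.loads(transport(request))


def asn_for_ip(ip, transport=http_transport):
    """GET /ipasn_history/?ip=... and return (asn, prefix) from the most recent entry."""
    history = _call(transport, "GET", "/ipasn_history/", query={"ip": normalise_ip(ip)})["response"]
    latest = max(history)  # keys are ISO-8601 timestamps, which sort correctly as strings
    return history[latest]["asn"], history[latest]["prefix"]


def asn_rank(asn, date=None, transport=http_transport):
    """POST /json/asn; the date is optional, as noted above."""
    body = {"asn": normalise_asn(asn)}
    if date is not None:
        body["date"] = datetime.date.fromisoformat(date).isoformat()
    reply = _call(transport, "POST", "/json/asn", body=body)["response"]
    ranking = reply["ranking"]
    return {"description": reply["asn_description"], "rank": ranking["rank"],
            "position": ranking["position"], "total": ranking["total_known_asns"]}


def asn_history(asn, period=30, transport=http_transport):
    """POST /json/asn_history and return [(date, rank), ...] oldest first."""
    body = {"asn": normalise_asn(asn), "period": int(period)}
    reply = _call(transport, "POST", "/json/asn_history", body=body)
    return sorted((day, float(rank)) for day, rank in reply["response"]["asn_history"])


def assess(ip, period=5, transport=http_transport):
    """Pivot IP -> ASN -> rank -> trend (last rank minus first rank over the period)."""
    asn, prefix = asn_for_ip(ip, transport)
    current = asn_rank(asn, transport=transport)
    history = asn_history(asn, period, transport)
    trend = history[-1][1] - history[0][1] if len(history) > 1 else 0.0
    return {"asn": asn, "prefix": prefix, **current, "trend": trend, "days": len(history)}


# Constructed offline fixture mirroring the response shapes shown on this page.
# Prefix and AS numbers are documentation values (RFC 5737 / RFC 5398), not real data.
_FIXTURE = {
    "/ipasn_history/": {
        "meta": {"address_family": "v4", "ip": "192.0.2.0/24", "source": "caida"},
        "response": {"2019-05-18T12:00:00": {"asn": "64497", "prefix": "192.0.0.0/16"},
                     "2019-05-19T12:00:00": {"asn": "64496", "prefix": "192.0.2.0/24"}}},
    "/json/asn": {
        "meta": {"asn": "64496"},
        "response": {"asn_description": "DOC-AS-1",
                     "ranking": {"rank": 0.00047, "position": 7084, "total_known_asns": 15375}}},
    "/json/asn_history": {
        "meta": {"asn": "64496", "period": 5},
        "response": {"asn_history": [["2019-11-12", 0.00045], ["2019-11-10", 0.00040],
                                     ["2019-11-14", 0.00050], ["2019-11-11", 0.00042],
                                     ["2019-11-13", 0.00047]]}},
}


def offline_transport(request):
    """Replay the constructed fixture keyed on the request path (no network)."""
    return json.dumps(_FIXTURE[urllib.parse.urlsplit(request.full_url).path])


if __name__ == "__main__":
    print(assess("192.0.2.0/24", transport=offline_transport))
```

The `position` / `total` pair is what to read when comparing ASNs: the page states the model orders ASNs from most to least malicious, so a smaller position is the worse one, and the raw `rank` is only meaningful relative to other ASNs on the same day.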

Server Installation (if you want to run your own)

IMPORTANT: Use pipenv

NOTE: Yes, it requires python3.6+. No, it will never support anything older.

Install redis

git clone https://github.com/antirez/redis.git
cd redis
git checkout 5.0
make
make test
cd ..

Install ardb

git clone https://github.com/yinqiwen/ardb.git
cd ardb
DISABLE_WARNING_AS_ERROR=1 make  # ardb (more precisely rocksdb) doesn't compile on ubuntu 18.04 unless you disable warning as error
cd ..

Install & run BGP Ranking

git clone https://github.com/D4-project/BGP-Ranking.git
cd BGP-Ranking
pipenv install
echo BGPRANKING_HOME="'`pwd`'" > .env
pipenv shell
# Starts all the backend
start.py
# Start the web interface
start_website.py

Shutdown BGP Ranking

stop.py

Directory structure

Config files: bgpranking / config / *.json

Per-module parsers: bgpranking / parsers

Libraries: bgpranking / libs

Raw dataset directory structure

Files to import

Note: The default location of <storage_directory> is the root directory of the repo.

<storage_directory> / <vendor> / <listname>

Last modified date (if possible) and lock file

<storage_directory> / <vendor> / <listname> / meta

Imported files less than 2 months old

<storage_directory> / <vendor> / <listname> / archive

Imported files more than 2 months old

<storage_directory> / <vendor> / <listname> / archive / deep

Databases

Intake (redis, port 6579)

Usage: All the modules push their entries in this database.

Creates the following hashes:

UUID = {'ip': <ip>, 'source': <source>, 'datetime': <datetime>}

Creates a set intake for further processing containing all the UUIDs.

Pre-Insert (redis, port 6580)

Usage: Make sure the IPs are global and validate the input coming from the intake module.

Pop UUIDs from intake, get the hashes with that key

Creates the following hashes:

UUID = {'ip': <ip>, 'source': <source>, 'datetime': <datetime>, 'date': <date>}

Creates a set to_insert for further processing containing all the UUIDs.

Creates a set for_ris_lookup to lookup on the RIS database. Contains all the IPs.

Routing Information Service cache (redis, port 6581)

Usage: Lookup IPs against the RIPE's RIS database

Pop IPs from for_ris_lookup.

Creates the following hashes:

IP = {'asn': <asn>, 'prefix': <prefix>, 'description': <description>}

Ranking Information cache (redis, port 6582)

Usage: Store the current list of known ASNs at RIPE, and the prefixes originating from them.

Creates the following sets:

asns = set([<asn>, ...])
<asn>|v4 = set([<ipv4_prefix>, ...])
<asn>|v6 = set([<ipv6_prefix>, ...])

And the following keys:

<asn>|v4|ipcount = <Total amount of IP v4 addresses originating this AS>
<asn>|v6|ipcount = <Total amount of IP v6 addresses originating this AS>

Long term storage (ardb, port 16579)

Usage: Stores the IPs with the metadata required for ranking.

Pop UUIDs from to_insert, get the hashes with that key

Use the IP from that hash to get the RIS information.

Creates the following sets:

# All the sources, by day
<YYYY-MM-DD>|sources = set([<source>, ...])
# All the ASNs by source, by day
<YYYY-MM-DD>|<source> -> set([<asn>, ...])
# All the prefixes, by ASN, by source, by day
<YYYY-MM-DD>|<source>|<asn> -> set([<prefix>, ...])
# All the tuples (ip, datetime), by prefixes, by ASN, by source, by day
<YYYY-MM-DD>|<source>|<asn>|<prefix> -> set([<ip>|<datetime>, ...])
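An in-memory walk-through of the four stages described above (intake, pre-insert, RIS cache, long-term storage), added here as an illustration; it is not the project's code, which runs these stages against Redis and ARDB and resolves prefixes through RIPE's RIS. The intake entries and the `RIS_TABLE` stand-in are constructed and use RFC 5737 / RFC 3849 documentation addresses and RFC 5398 documentation AS numbers. The key names written into the long-term store follow the schema listed above. One caveat the pre-insert check surfaces: Python's `is_global` also rejects the documentation ranges, which is correct for production but means test fixtures need the explicit `allow_documentation` opt-in used here. The `daily_asn_counts` aggregation is only a per-ASN count of distinct IPs; the page does not describe the project's actual ranking formula, and this is not it.

```python
"""In-memory walk-through of the intake, pre-insert, RIS cache and long-term storage stages."""
import ipaddress
import uuid
from collections import defaultdict
from datetime import datetime

# Constructed intake entries in the shape of the intake hashes. The private address and
# the garbage string must be rejected by pre-insert; the rest use documentation ranges.
INTAKE_ENTRIES = [
    {"ip": "192.0.2.10", "source": "listA", "datetime": "2019-11-14T08:15:00"},
    {"ip": "192.0.2.200", "source": "listA", "datetime": "2019-11-14T09:00:00"},
    {"ip": "198.51.100.7", "source": "listB", "datetime": "2019-11-14T10:30:00"},
    {"ip": "10.0.0.5", "source": "listB", "datetime": "2019-11-14T11:00:00"},
    {"ip": "not-an-ip", "source": "listB", "datetime": "2019-11-14T11:05:00"},
    {"ip": "2001:db8::1", "source": "listA", "datetime": "2019-11-13T23:59:00"},
]

# Constructed stand-in for the RIPE RIS answers: (prefix, origin ASN, description).
RIS_TABLE = [
    ("192.0.2.0/24", "64496", "DOC-AS-1"),
    ("198.51.100.0/24", "64497", "DOC-AS-2"),
    ("2001:db8::/32", "64496", "DOC-AS-1"),
]

DOCUMENTATION_NETS = [ipaddress.ip_network(n) for n in
                      ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24", "2001:db8::/32")]


def is_global_ip(ip, allow_documentation=False):
    """Pre-insert check: unparsable, private, loopback, link-local, multicast and reserved
    addresses are dropped so they can never be attributed to an ASN."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    if addr.is_global:
        return True
    return allow_documentation and any(addr in net for net in DOCUMENTATION_NETS)


def stage_intake(entries):
    """Modules push one hash per entry under a fresh UUID and record the UUID in 'intake'."""
    db, intake = {}, set()
    for entry in entries:
        key = str(uuid.uuid4())
        db[key] = dict(entry)
        intake.add(key)
    return db, intake


def stage_pre_insert(db, intake, allow_documentation=False):
    """Pop UUIDs from intake, validate the IP, add 'date', fill to_insert and for_ris_lookup."""
    to_insert, for_ris_lookup, rejected = set(), set(), []
    while intake:
        key = intake.pop()
        entry = db[key]
        if not is_global_ip(entry["ip"], allow_documentation):
            rejected.append(entry["ip"])
            del db[key]
            continue
        entry["date"] = datetime.fromisoformat(entry["datetime"]).date().isoformat()
        to_insert.add(key)
        for_ris_lookup.add(entry["ip"])
    return to_insert, for_ris_lookup, rejected


def stage_ris_lookup(for_ris_lookup):
    """Build the IP -> {asn, prefix, description} cache by longest-prefix match."""
    cache = {}
    for ip in for_ris_lookup:
        addr, best = ipaddress.ip_address(ip), None
        for prefix, asn, description in RIS_TABLE:
            net = ipaddress.ip_network(prefix)
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, asn, description)
        if best is not None:
            cache[ip] = {"asn": best[1], "prefix": str(best[0]), "description": best[2]}
    return cache


def stage_long_term(db, to_insert, ris_cache):
    """Write the per-day sets using the key schema listed above."""
    store = defaultdict(set)
    while to_insert:
        entry = db[to_insert.pop()]
        ris = ris_cache.get(entry["ip"])
        if ris is None:
            continue  # no originating prefix known: nothing to attribute
        day, source, asn, prefix = entry["date"], entry["source"], ris["asn"], ris["prefix"]
        store[f"{day}|sources"].add(source)
        store[f"{day}|{source}"].add(asn)
        store[f"{day}|{source}|{asn}"].add(prefix)
        store[f"{day}|{source}|{asn}|{prefix}"].add(f"{entry['ip']}|{entry['datetime']}")
    return dict(store)


def run_pipeline(entries, allow_documentation=False):
    db, intake = stage_intake(entries)
    to_insert, for_ris_lookup, rejected = stage_pre_insert(db, intake, allow_documentation)
    store = stage_long_term(db, to_insert, stage_ris_lookup(for_ris_lookup))
    return store, rejected


def daily_asn_counts(store, day):
    """Per (source, asn): number of distinct IPs seen that day (a count, not the project's rank)."""
    counts = {}
    for source in store.get(f"{day}|sources", ()):
        for asn in store[f"{day}|{source}"]:
            ips = set()
            for prefix in store[f"{day}|{source}|{asn}"]:
                ips |= {item.split("|")[0] for item in store[f"{day}|{source}|{asn}|{prefix}"]}
            counts[(source, asn)] = len(ips)
    return counts


if __name__ == "__main__":
    store, rejected = run_pipeline(INTAKE_ENTRIES, allow_documentation=True)
    print("rejected:", rejected)
    print("2019-11-14:", daily_asn_counts(store, "2019-11-14"))
```

Running it without `allow_documentation=True` rejects every constructed entry, which is the behaviour you want from the real pre-insert stage: a feed that suddenly starts emitting RFC 1918 or bogon addresses should produce no ranking data at all rather than a phantom ASN entry.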