Nameles provides an easy to deploy, scalable IVT detection and filtering solution that is proven to detect at a high level of accuracy ad fraud and other types of invalid traffic such as web scraping.
wget https://raw.githubusercontent.com/Nameles-Org/Nameles/master/setup
chmod +x setup && ./setup
While absolute measurement of detection capability is impossible, Nameles is the only detection solution that can be audited by indepedent parties and that is backed by several scientfic papers.
Nameles can detect invalid traffic on:
Also ReadReconDog – Reconnaissance Swiss Army Knife
Nameles implements a highly scalable entropy measurement using Shannon entropy of the IP addresses a given site is receiving traffic from, and then assigns a normalized score to the site based on its traffic pattern.
Nameles consist of two separate modules
The scoring-module replies to the query messages sent by DSP with the confidence score of the domain and the category in which the domain falls, based on the statistical thresholds of outlierness. In addition, the scoring-module forwards the messages to the data-processing-module for updating the scores at the end of the day.
Figure 1: An example deployment with a DSP
The scoring-module runs several worker threads that pull the queries from the DSP end and push the reply messages. The workers perform a single lookup in a shared hash table for each message. Therefore, the host running the scoring-module module requires minimal memory and drive. We recommend setting a worker per CPU and running latency tests with your expected throughtput load in order to dimensionate an appropriate number of processors for the host. Note that you can run several scoring modules in your system communicating with the same data processing module.
The data-processing-module performs precomputations with the stream of data received from the scoring module. The data is periodically serialized to a PostgreSQL database. The scores are computed at the end of each day. The host of this module would benefit from having a high amount of RAM and a certain number of processors in order to reduce the score computation times. We recommend at least 64GB of RAM and 4 cores.
You can install Nameless on a single machine or a cluster of multiple machines following the instructions on section 2.1 below. There are two options:
If you install Nameles on a multiple machine docker cluster/swarm, then you have two options: a) where you let docker allocate resources per service b) where you allocate reseources yourself.
For running Nameles on a single server on an Ubuntu or Debian system:
# download the setup script
wget https://raw.githubusercontent.com/Nameles-Org/Nameles/master/setup
# change the permissions
chmod +x setup
# run the setup script
./setup
You will have to create another shell, as in the shell where you run the setup now you will have a running docker instance.
psql -h 127.0.0.1 -p 5430 -U nameles
NOTE: you need to have installed the postgreSQL client as detailed in section 1.2
The dsp-emulator module can be used as an example for interfacing Nameles from your infrastructure, i.e. message formatting and zeromq port bindings. The latency test source code is implemented in C++ but a different language for which zeromq is available could be used.
If the machine where Nameles is running reboots or is interrupted for another reason, you can restart with:
sudo docker-compose -f ~/Nameles/nameles-docker-compose.yml up
Note that after each command you have to start a new shell, as the current shell has a container running in it.
sudo docker-compose -f ~/Nameles/data-docker-compose.yml up
sudo docker-compose -f ~/Nameles/scoring-docker-compose.yml up
sudo docker-compose -f ~/Nameles/emulator-docker-compose.yml up
Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…
This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…
GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…
Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…
The free and open-source security platform SecHub, provides a central API to test software with…
Don't worry if there are any bugs in the tool, we will try to fix…