Less than 2 months after its launch, here is a fresh new version of Fl0wer!

New features, improvements, optimizations and, obviously, bug fixes. So, what's new in version 1.1?

Top 100 Flows

Instantly identify who or what is generating the most traffic or packets, or taking too much time on the network to do their stuff.

Customizable Network Bogons

Your firewall is probably refusing incoming connections from bogon networks, but are you sure that you are not calling out to them? Do you still rely on NAT as a security measure? Get help from Team Cymru.

Customizable IP Reputation

As for people in real life, reputation for an IP address in a packet's life can mean a great deal. Hopefully you don't trust scams and phishing, so why should you trust connections to IP addresses with a bad reputation? There are tons of publicly available lists on the Internet, constantly updated, that allow you to know who your users are talking to.

TOR & P2P Flows

Anonymity is a great thing that has to be protected, but in certain contexts it is simply not feasible. Unfortunately the TOR network is often used to hide real dangers (just think of the WannaCry issue of some days ago). And while perfectly legal P2P networks exist (Sibelius sounds from Avid, for example, were distributed using one of these networks), most are vectors for piracy and copyrighted material. Better to know about it.

Unclassified Flows

NPAR is a very powerful tool for classifying network traffic, since it encompasses years of experience in software, but it obviously cannot detect everything. And when it can't, the traffic is probably worth a look.

VPN & Network Tunnel Flows

VPNs and Network Tunnels are daily tools used by thousands to do their job. But if you think about it, they could be excellent ways to do data exfiltration. Be prepared.

Authentication Flows across the Internet

Sometimes the flaws in an infrastructure's design lie in the details of how authentication mechanisms for users or services are implemented. Verify it yourself before someone else does.

External Management Flows across the Internet

Systems and network management should never be done outside of an encrypted channel like a VPN, since a lot of legacy devices and systems simply do not support modern management tools (SSH, encrypted SNMPv3, etc.).

Risky Flows (clear text)

In most cases, information entering or leaving your company should never travel in clear text across the world. Let NPAR give you a hand with this.

Unknown DNS, NTP and BGP

Hands up if you have never had to fix Active Directory or Kerberos timing problems, or hosts that your clients could not resolve. And if you are rich and have BGP peerings, be sure to take care of them!

Network Scans & Floods

Fl0wer 1.1 includes the first version of a security module that allows you to track some scans & floods even if they don't cross your firewall. It works and it will be improved.

Bugfixes

Ehm, yes, bugs happen. Fixed several things in IP representation and in Traffic Rules. I beg your pardon.

Hope you enjoy all this work (and more will come!)

Gilberto