Installing a Snort IDS
To start monitoring our network for irregular traffic, we will begin by installing the Snort IDS. Snort is one of the oldest and most feature-packed open source Network Intrusion Detection Systems (NIDS). It is free to use, and a wide collection of rules is freely available for it, along with information and support for designing your own custom checks.
How to do it…
- Install the snort daemon package:
sudo apt-get install snort
- When prompted, enter the network interface that you want to monitor. For our example, we will use eth0, which on our router is the LAN port.
- Next, enter the network range that you consider local. We will use 10.0.0.0/24, which we previously defined as the LAN range. If desired, you can specify multiple CIDR blocks by separating them with commas, without any whitespace.
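The local range entered in the last step must be a comma-separated list of CIDR blocks with no whitespace. The following check is an added example, not part of the original recipe or the Snort package; the function names are hypothetical, the second sample range is constructed, and the rejection of addresses with host bits set is an extra strictness of this example.

```sh
#!/bin/sh
# Added example: pre-check a value for the "local network range" prompt.
# Function names are hypothetical; the sample ranges at the bottom are constructed.

fail() { echo "rejected: $1" >&2; return 1; }

# valid_cidr BLOCK: succeed only for an IPv4 network such as 10.0.0.0/24.
valid_cidr() {
    block=$1
    addr=${block%/*}
    prefix=${block#*/}
    case $prefix in
        ''|*[!0-9]*|???*|0?*) fail "bad or missing prefix in '$block'"; return 1 ;;
    esac
    [ "$prefix" -le 32 ] || { fail "prefix above 32 in '$block'"; return 1; }
    case $addr in
        .*|*.|*..*) fail "malformed address in '$block'"; return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || { fail "need four octets in '$block'"; return 1; }
    ip=0
    for octet in "$@"; do
        case $octet in
            ''|????*|0?*) fail "bad octet '$octet' in '$block'"; return 1 ;;
        esac
        [ "$octet" -le 255 ] || { fail "octet above 255 in '$block'"; return 1; }
        ip=$(( ip * 256 + octet ))
    done
    # Extra strictness of this example: the address must be the network
    # address, so a host typo such as 10.0.0.1/24 is caught.
    [ $(( ip % (1 << (32 - prefix)) )) -eq 0 ] ||
        { fail "host bits set in '$block'"; return 1; }
}

# valid_home_net VALUE: comma-separated CIDR blocks, no whitespace.
valid_home_net() {
    value=$1
    case $value in
        ''|*[!0-9./,]*) fail "only digits . / , allowed (no whitespace)"; return 1 ;;
        ,*|*,|*,,*) fail "empty list element"; return 1 ;;
    esac
    old_ifs=$IFS; IFS=,; set -- $value; IFS=$old_ifs
    for b in "$@"; do
        valid_cidr "$b" || return 1
    done
}

# Constructed sample: the page's LAN range plus a second, made-up block.
valid_home_net "10.0.0.0/24,192.168.1.0/24" && echo "ok to enter"
```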
How it works…
The network range(s) that you defined as local in the third step are used to populate the $HOME_NET setting within Snort. $HOME_NET
and $EXTERNAL_NET...