Welcome to our community
Be apart of something great, join today!
Linux can I run Linux and SNORT off a USB flash pen
- Thread starter jfish
- Start date
Don't see why not...build a system with, say, Ubuntu and Snort then use Remastersys to create a live .iso and blow it to the pen...
next question, placement of SNORT
SNORT will be installed on a desktop with 2 nics - just thinking aloud (and probably I am incorrect) can I plug the from VM BB cable router into NIC1 on Snort Desktop and then NIC2 goes to ddwrt BB router
VM Cable router <----> SNORT PC <----> DDWRT Router
Plan is to have all traffic go thru SNORT IDPS, check and drop any dodgy packets
Anyone done this and can give me some guidance
SNORT will be installed on a desktop with 2 nics - just thinking aloud (and probably I am incorrect) can I plug the from VM BB cable router into NIC1 on Snort Desktop and then NIC2 goes to ddwrt BB router
VM Cable router <----> SNORT PC <----> DDWRT Router
Plan is to have all traffic go thru SNORT IDPS, check and drop any dodgy packets
Anyone done this and can give me some guidance
It might be better to say what you're trying to achieve as running Snort from a USB pen may not be responsive enough...
...I haven't done this but theoretically it should be achievable - you'll probs have to do some network jiggery-pokery though i.e. routing from a private segment through another private segment to the public Internet isn't always easy. You may have to 'steal' a public subnet...
...I haven't done this but theoretically it should be achievable - you'll probs have to do some network jiggery-pokery though i.e. routing from a private segment through another private segment to the public Internet isn't always easy. You may have to 'steal' a public subnet...
an overview of how it all bolts together
There are four components to this all
MySQL - log written to database
Barnyard2 - Processes the logs Snort generates and write to the MySQL database - This is recommended as Snort can process the packets and not worry about writing to the back end MySQL database.
BASE - Web Front end of viewing the alerts and generating reports
Snort - Run in inline or IPS mode
see screen shot below - Them alerts are just me logging all traffic going from my network over port 80 and 8080 - just a way to test to see its all working
There are four components to this all
MySQL - log written to database
Barnyard2 - Processes the logs Snort generates and write to the MySQL database - This is recommended as Snort can process the packets and not worry about writing to the back end MySQL database.
BASE - Web Front end of viewing the alerts and generating reports
Snort - Run in inline or IPS mode
see screen shot below - Them alerts are just me logging all traffic going from my network over port 80 and 8080 - just a way to test to see its all working
Attachments
Last edited:
re-built Snort again, but with a more recent version - which doesnt require 2 NICS to be setup as bridge - as it uses DAQ and running Snort you tell it to run in IPS mode and the 2 NICS to use for sniffing network traffic
I am suprised the amount of alerts it has generated when just doing standard web browsing.
When I have time this weekend, will document it all and may even write a shell script to automate most of the install.
Also suprised it runs smoothly on a 1.7GHz P4 with 512 MB RAM.
I am suprised the amount of alerts it has generated when just doing standard web browsing.
When I have time this weekend, will document it all and may even write a shell script to automate most of the install.
Also suprised it runs smoothly on a 1.7GHz P4 with 512 MB RAM.
