SNORT will be installed on a desktop with 2 NICs - just thinking aloud (and probably I am incorrect), can I plug the VM BB cable router into NIC1 on the Snort desktop and then NIC2 goes to the ddwrt BB router?
VM Cable router <----> SNORT PC <----> DDWRT Router
Plan is to have all traffic go through SNORT IDPS, check and drop any dodgy packets.
It might be better to say what you're trying to achieve as running Snort from a USB pen may not be responsive enough...
...I haven't done this but theoretically it should be achievable - you'll probs have to do some network jiggery-pokery though i.e. routing from a private segment through another private segment to the public Internet isn't always easy. You may have to 'steal' a public subnet...
After some reading, it can be done. Run SNORT in inline mode - need 3 NICs: 2 without an IP address in promiscuous mode and then bridged together, and a third NIC used as a management adapter.
Update: finally got this implemented, running under Ubuntu Server, 3 NICs - one for the management port and the other 2 in bridge mode. Snort listens on the bridged NIC for traffic.
If anyone is interested, I will document the implementation process.
Barnyard2 - Processes the logs Snort generates and writes them to the MySQL database - This is recommended as Snort can process the packets and not worry about writing to the back end MySQL database.
BASE - Web front end for viewing the alerts and generating reports
Snort - Run in inline or IPS mode
See screenshot below - those alerts are just me logging all traffic going from my network over port 80 and 8080 - just a way to test to see it's all working.
Re-built Snort again, but with a more recent version - which doesn't require 2 NICs to be set up as a bridge - as it uses DAQ, and when running Snort you tell it to run in IPS mode and the 2 NICs to use for sniffing network traffic.
I am surprised at the amount of alerts it has generated when just doing standard web browsing.
When I have time this weekend, will document it all and may even write a shell script to automate most of the install.
Also surprised it runs smoothly on a 1.7GHz P4 with 512 MB RAM.
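
An added example, not part of the thread and not the poster's own script: a shell script for the second build described above, where two sniffing NICs with no IP address are handed to Snort in IPS mode through DAQ. The afpacket DAQ module, the interface names (eth0 for management, eth1/eth2 as the inline pair) and the config path are assumptions; it prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example. Interface names, the afpacket DAQ module and the config
# path are assumptions, not taken from the thread.
# Dry run by default: commands are printed. Set APPLY=1 (as root) to execute.

run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# Refuse wrong pairings before touching the network: the inline pair must be
# two distinct NICs, and the management NIC must stay out of the traffic path.
check_pair() {
    wan=$1 lan=$2 mgmt=$3
    [ -n "$wan" ] && [ -n "$lan" ] || { echo "need two sniffing NICs" >&2; return 1; }
    [ "$wan" != "$lan" ] || { echo "inline pair must be two different NICs" >&2; return 1; }
    if [ "$wan" = "$mgmt" ] || [ "$lan" = "$mgmt" ]; then
        echo "management NIC must not be part of the inline pair" >&2
        return 1
    fi
}

# Sniffing NICs carry no IP address and run in promiscuous mode.
prepare_nic() {
    run ip addr flush dev "$1"
    run ip link set dev "$1" up promisc on
    # GRO/LRO merge packets before Snort sees them; disable on inline NICs.
    run ethtool -K "$1" gro off lro off
}

# -Q selects inline (IPS) mode; the afpacket DAQ forwards traffic between
# the two NICs given as "a:b", so no separate bridge device is configured.
start_inline() {
    check_pair "$1" "$2" "$3" || return 1
    prepare_nic "$1"
    prepare_nic "$2"
    run snort -Q --daq afpacket --daq-mode inline -i "$1:$2" \
        -c "${SNORT_CONF:-/etc/snort/snort.conf}"
}

# Usage: sh inline.sh eth1 eth2 eth0   (inline pair first, then management NIC)
if [ "$#" -ge 2 ]; then start_inline "$@"; fi
```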