How to connect a Raspberry Pi IDS to the home router to detect intrusions network wide?












1















I'm configuring a Raspberry Pi IDS/IPS with the ELK stack on a separate machine. My problem is connecting it to the router in a way that it can read traffic on the whole network and drop the suspicious packets.

The way I came up with is to configure the Pi as a network gateway, connect it to the router through Ethernet and force all the devices through that. I was wondering if there is a better solution.










      network ids raspberry-pi






      edited 5 hours ago

      asked 9 hours ago

      Vidura supun

          2 Answers
          4







          If you want to passively monitor the whole network, a monitor port on the router or similar would be sufficient - although most common home routers (the ones with WLAN and a cable/DSL modem in them) don't have anything like this.

          If you want to monitor data and also actively block traffic, the IDS has to be in the path of the traffic. This means it either needs to be set up as the gateway for all systems in the internal network and then forward the traffic to the router, or the router remains the gateway but the IDS is between the router and the ISP. In the latter case the Raspi needs to care about the ISP connectivity too, i.e. it needs to have the physical ability (which might require a DSL, cable or FTTH modem depending on the kind of connectivity to the ISP you have) and also have the login information, be able to speak PPPoE or whatever protocol is required for the ISP, etc.

          So your current idea of setting up the Raspi as the network gateway is likely the easiest way to implement. But, as Josef noted in a comment: it should be set up in a way that users simply cannot bypass the IDS just by changing the gateway. This would be best achieved by having the router/modem physically behind the Raspi so that no internal system could directly reach it and thus the only way for any internal system to the router/modem and then to the internet is through the Raspi.






          edited 2 hours ago

          answered 8 hours ago

          Steffen Ullrich













          • Could you include in the answer the performance impact of putting the Pi as a gateway vs. passive monitoring? I don't know how much throughput a Pi can handle, but with a 100Mbps-1Gbps fiber connection, for instance, I suspect it would be a serious bottleneck.

            – zakinster
            5 hours ago













          • I think I would go with the Pi between router and internal network because it requires minimum configuration. Since I'm having a bit of a performance problem running the IDS on the Pi. Thank you for your clarification.

            – Vidura supun
            5 hours ago











          • @zakinster: Please don't ask a new question (performance impact of active vs. passive) as a comment but ask a new question instead. In general: the performance impact of active mode depends on the model of Raspi, the specific configuration of Snort like the depth of inspection and the amount of rules, and the amount of traffic in the network. Passive mode never has a performance impact since the original traffic does not pass through the Raspi but it just gets duplicated there. Of course, the Raspi might just lose traffic for analysis in this case.

            – Steffen Ullrich
            5 hours ago








          • 1





            @Josef: good point. I've integrated this into the answer.

            – Steffen Ullrich
            2 hours ago











          • Snort has the ability to terminate connections by sending a forged RST packet to both ends. This shouldn’t require routing all traffic through the Pi. I believe it could be monitored on a passive mirrored port, and the resets sent through a second adapter to an active port.

            – John Deters
            2 hours ago
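
The inline-gateway layout from the answer above, as an added example that is not part of the original thread: a POSIX shell sketch that renders an nftables ruleset for a Pi with two separate interfaces and hands every forwarded packet to an IPS engine over NFQUEUE. The interface names (`eth0` towards the LAN, `eth1` towards the router/modem), queue number 0, the table names and the use of masquerading are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the thread): Raspberry Pi as a two-interface
# inline gateway. Assumed names: eth0 = LAN side, eth1 = side cabled to the
# router/modem, queue 0 = the NFQUEUE an inline IPS engine is bound to.

# Linux interface names are at most 15 bytes. Rejecting anything outside a
# small character set keeps the value safe to place inside the ruleset text.
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Print the ruleset for LAN_IF ($1), WAN_IF ($2) and QUEUE ($3).
# Nothing is applied here, so the output can be reviewed first.
render_ruleset() {
    valid_ifname "$1" || { echo "bad LAN interface name" >&2; return 2; }
    valid_ifname "$2" || { echo "bad router-side interface name" >&2; return 2; }
    case "$3" in
        ''|*[!0-9]*) echo "bad queue number" >&2; return 2 ;;
    esac
    # One shared interface would leave clients on the same segment as the
    # router, so they could point their gateway at it and skip the IPS.
    if [ "$1" = "$2" ]; then
        echo "LAN and router side must be different interfaces" >&2
        return 3
    fi

    # Forward chain: default drop, and both directions go to the queue.
    # The queue statement carries no fail-open flag, so when no IPS process
    # is attached to the queue the kernel drops the packets (fail closed).
    cat <<EOF
table inet ips_gw {
    chain forward {
        type filter hook forward priority 0; policy drop;
        iifname "$1" oifname "$2" queue num $3
        iifname "$2" oifname "$1" queue num $3
    }
}
table ip ips_nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname "$2" masquerade
    }
}
EOF
}

# Enable routing and load the ruleset (needs root and the nft tool).
apply_gateway() {
    rules="$(render_ruleset "$1" "$2" "$3")" || return
    sysctl -w net.ipv4.ip_forward=1 || return
    printf '%s\n' "$rules" | nft -f -
}

# Runs only when called as: script --apply [LAN_IF] [WAN_IF] [QUEUE]
if [ "${1:-}" = "--apply" ]; then
    apply_gateway "${2:-eth0}" "${3:-eth1}" "${4:-0}"
fi
```

Because the forward chain fails closed, the LAN loses internet access whenever the IPS process is not running; that is the trade-off for not letting traffic pass uninspected.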



















          -1







          Just connect your Raspberry Pi with an Ethernet cable to your home router and get it to monitor local network traffic. Should work similarly to the Snort NIDS, listening in on all local traffic in promiscuous mode.



          How to set up mirror ports on various open source consumer router firmware






          edited 5 hours ago

          schroeder

          answered 6 hours ago

          Hild Forsete








          • 4
            "and get it to monitor local network traffic" that's not a trivial task and is the part that needs a lot more explaining. Also, you do not explain how to drop packets. Can you expand this answer?

            – schroeder
            6 hours ago











          • I updated my question to usage of Pi as IDS/IPS, even though I stated packet dropping later. Promiscuous mode is a viable solution for only an IDS as it inspects a copy of traffic, but I think this will solve the bottleneck problem stated above.

            – Vidura supun
            5 hours ago
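
Whether a mirror port is actually feeding the Pi can be checked from the capture itself: on a switched network, promiscuous mode alone shows only broadcast/multicast frames and the sensor's own unicast traffic. The following is an added example, not part of the answer or comments above; the MAC addresses, frames and function names are constructed for illustration.

```python
# Added example (not from the original post): does this capture contain
# traffic between OTHER hosts, i.e. is the mirror/SPAN port really working?
# All MAC addresses and frames below are constructed sample data.

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def classify(frame: bytes, own_mac: bytes) -> str:
    """Classify one Ethernet frame relative to the sensor's own MAC."""
    if len(frame) < 14:                 # shorter than an Ethernet header
        return "runt"
    dst, src = frame[0:6], frame[6:12]
    if dst[0] & 0x01:                   # group bit: broadcast or multicast
        return "flooded"                # every switch port receives these
    if own_mac in (dst, src):
        return "own"                    # visible without any mirroring
    return "third_party"                # unicast between two other hosts

def mirror_verdict(frames, own_mac, min_third_party=1):
    """Return (mirror_seems_active, counts, sorted (src, dst) pairs)."""
    counts = {"runt": 0, "flooded": 0, "own": 0, "third_party": 0}
    pairs = set()
    for f in frames:
        kind = classify(f, own_mac)
        counts[kind] += 1
        if kind == "third_party":
            pairs.add((mac(f[6:12]), mac(f[0:6])))
    # A switch may briefly flood unknown unicast, so raise the threshold
    # when judging a real capture rather than this small sample.
    return counts["third_party"] >= min_third_party, counts, sorted(pairs)

def eth(dst, src, ethertype=0x0800, payload=b"\x00" * 46):
    return dst + src + ethertype.to_bytes(2, "big") + payload

PI     = bytes.fromhex("020000000001")   # assumed sensor MAC
ROUTER = bytes.fromhex("0200000000fe")
LAPTOP = bytes.fromhex("020000000010")
BCAST  = b"\xff" * 6

UNMIRRORED = [eth(BCAST, LAPTOP, 0x0806), eth(PI, ROUTER), eth(ROUTER, PI)]
MIRRORED   = UNMIRRORED + [eth(ROUTER, LAPTOP), eth(LAPTOP, ROUTER)]

if __name__ == "__main__":
    for name, cap in (("unmirrored", UNMIRRORED), ("mirrored", MIRRORED)):
        print(name, mirror_verdict(cap, PI))
```

On the Pi, the frames would come from a capture taken on the monitoring interface with promiscuous mode already enabled; a verdict of no third-party unicast means the IDS is only seeing its own conversations.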























