Running an NIDS on the box: Snort


Snort is an open source Network Intrusion Detection System (NIDS).

I already knew how to use snort as both a straight packet sniffer and a packet logger, and had always wanted to learn to use it as a network intrusion detection system. Today, I learned how to do that too.

I modified the /etc/rc.d/rc.snortd file to include a simple BASH construct

# Probe for the dial-up link: ifconfig prints nothing (and errors to
# /dev/null) when ppp0 does not exist, so the test string is empty.
if [ "`/sbin/ifconfig ppp0 2> /dev/null`" ]; then
    IFACE=ppp0   # dial-up link is up: sniff the PPP interface
else
    IFACE=eth0   # otherwise fall back to the Ethernet interface
fi

to automate the choice of interface to listen on, depending on whether a Point-to-Point link is available, since I only use a dial-up link to get online.

Now, all I have to do is execute /etc/rc.d/rc.snortd with the “start” or “restart” argument, and snort comes up automatically, listening as an NIDS.
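The whole rc.snortd idea, as an added example rather than the script from this post: the interface probe is done against /sys/class/net (so it works on a box without ifconfig), and snort is launched in NIDS mode with its rules file. The binary, config and log paths are assumptions.

```shell
#!/bin/sh
# Added example, not the post's own rc.snortd: pick the sniffing interface
# (ppp0 while the dial-up link is up, else eth0) and run snort as an NIDS.
# Binary, config and log paths are assumptions; adjust for your box.
SNORT=${SNORT:-/usr/sbin/snort}
SNORT_CONF=${SNORT_CONF:-/etc/snort/snort.conf}
SNORT_LOG=${SNORT_LOG:-/var/log/snort}
# Where the kernel lists interfaces; overridable so the selection logic
# can be exercised on a box without a real ppp0.
NET_SYSFS=${NET_SYSFS:-/sys/class/net}

# iface_present NAME: true if the kernel knows an interface called NAME.
# Replaces the `ifconfig ppp0` probe, which fails where net-tools is absent.
iface_present() {
    [ -d "$NET_SYSFS/$1" ]
}

# choose_iface PREFERRED FALLBACK: print PREFERRED if present, else FALLBACK.
choose_iface() {
    if iface_present "$1"; then
        echo "$1"
    else
        echo "$2"
    fi
}

# snort_cmd IFACE: the NIDS command line. -c loads the rules, -i binds the
# interface, -l sets the alert/log directory, -D daemonizes.
snort_cmd() {
    echo "$SNORT -D -i $1 -c $SNORT_CONF -l $SNORT_LOG"
}

rc_snortd() {
    iface=$(choose_iface ppp0 eth0)
    case "$1" in
        start)   echo "Starting snort NIDS on $iface"; $(snort_cmd "$iface") ;;
        stop)    echo "Stopping snort"; pkill -x snort ;;
        restart) rc_snortd stop; sleep 1; rc_snortd start ;;
        *)       echo "usage: $0 {start|stop|restart}" >&2; return 1 ;;
    esac
}

# Only dispatch when invoked with an argument, so sourcing the file is harmless.
case "${1:-}" in
    start|stop|restart) rc_snortd "$1" ;;
esac
```

Alerts land in the -l directory, so that is where to look when checking what snort has flagged.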

It is actually kinda’ cool, seeing as snort has already flagged some 20+ various intrusion attempts. ;-p
