Installing a Snort IDS
To start monitoring our network for irregular traffic, we will first install a Snort IDS. Snort is one of the oldest and most feature-packed open source Network Intrusion Detection Systems (NIDS). It is free to use, and there is a wide collection of rules freely available for it, as well as information and support on designing your own custom checks.
How to do it…
- Install the snort daemon package:
sudo apt-get install snort
- When prompted, enter the network interface that you want to monitor. For our example, we will use eth0, which on our router is the LAN port.
- Next, enter the network range which you consider local. We will use 10.0.0.0/24, which we previously defined as the LAN range. If desired, you can ...
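One way to confirm that the interface and local range entered above were actually saved, as an added example that is not part of the original recipe. It assumes the Debian/Ubuntu snort package records the installer answers in /etc/snort/snort.debian.conf as DEBIAN_SNORT_INTERFACE and DEBIAN_SNORT_HOME_NET; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm the installer answers (interface, local range) were saved.
# Assumption: Debian/Ubuntu's snort package stores them in
# /etc/snort/snort.debian.conf as DEBIAN_SNORT_INTERFACE / DEBIAN_SNORT_HOME_NET.

# get_setting FILE KEY -> prints the value of KEY="value" with the quotes removed
get_setting() {
    sed -n "s/^$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# is_cidr STRING -> 0 if STRING is an IPv4 CIDR (octets 0-255, prefix 0-32)
is_cidr() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || return 1
    old_ifs=$IFS; IFS=.
    for octet in ${1%/*}; do
        [ "$octet" -le 255 ] || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
}

# check_snort_debconf FILE IFACE NET -> 0 only if IFACE is the monitored
# interface and NET is one of the comma-separated local ranges
check_snort_debconf() {
    file=$1 want_if=$2 want_net=$3 rc=0
    have_if=$(get_setting "$file" DEBIAN_SNORT_INTERFACE)
    have_net=$(get_setting "$file" DEBIAN_SNORT_HOME_NET)
    [ "$have_if" = "$want_if" ] || { echo "interface is '$have_if', expected '$want_if'"; rc=1; }
    found=0
    for net in $(echo "$have_net" | tr ',' ' '); do
        is_cidr "$net" || { echo "HOME_NET entry is not a CIDR: $net"; rc=1; }
        if [ "$net" = "$want_net" ]; then found=1; fi
    done
    [ "$found" -eq 1 ] || { echo "HOME_NET '$have_net' does not include $want_net"; rc=1; }
    return $rc
}

# Constructed sample of what the installer would write for this recipe's answers.
sample=$(mktemp)
cat > "$sample" <<'EOF'
DEBIAN_SNORT_STARTUP="boot"
DEBIAN_SNORT_HOME_NET="10.0.0.0/24"
DEBIAN_SNORT_INTERFACE="eth0"
EOF
check_snort_debconf "$sample" eth0 10.0.0.0/24 && echo "installer answers match"
rm -f "$sample"
# On the router itself: check_snort_debconf /etc/snort/snort.debian.conf eth0 10.0.0.0/24
```

A mismatch here means Snort is watching a different interface or treating a different range as local than the one the recipe intends, which changes what every rule that references the local network matches.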