I am wondering if anyone can point me to documentation on how to set up a basic Linux or Windows host that receives inbound Internet traffic on eth0, runs it through Snort and then passes the traffic through eth1 to a wireless router. My main concern is setting up inbound traffic to be routed through the system and then on to the wireless router. I am sure there is documentation for this, but I have not found anything as of yet.
Are you running it with Smoothwall? – cop1152 Sep 04 '09 at 17:15
Thanks for your reply cop1152. No, I hadn't considered that, although I have heard of it. I will check it out. – Scott Davies Sep 05 '09 at 06:37
I just checked Smoothwall out - WOW! Is that ever a streamlined experience for setting up a firewall. Thanks for telling me about it. – Scott Davies Sep 05 '09 at 06:50
2 Answers
Building an IPS using Snort at Hakin9.
will run on a Linux box with the 2.6.12.6 kernel.
The box we will run the IPS on has three network adapters, of which only one will have an IP assigned and will be used to control the system. The other two adapters will only be configured up to OSI layer 2 and all network traffic being analysed will be sent between them. The IPS will therefore act as a network bridge, transparent to other network devices and hosts. Figure 1 presents a diagram of a sample network after such an IPS is connected. Note that in this article we will not go into building the entire network, but rather we will focus on the IPS system itself.
![alt text](http://en.sdjournal.org/magazines/2/1/art_9/0e2abe36ed81a3e4df80a6c23ceaf362_oryg.png)
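The bridge layout described in the quoted article (one addressed management adapter, two address-less adapters bridged at layer 2), as an added example that is not part of the answer above or of the Hakin9 article. It uses iproute2 as an assumed toolset and only prints the commands; the names `br0`, `eth0`, `eth1`, `eth2`, `bridge_plan` and `layer3_on_members` are assumptions.

```shell
#!/usr/bin/env bash
# Added example: plan a transparent (layer-2) bridge for an inline IPS.
# Assumed names: eth0/eth1 carry the inspected traffic, eth2 is management.

# bridge_plan BRIDGE MGMT_IF MEMBER_A MEMBER_B
# Prints the iproute2 commands (nothing is executed); returns 1 on an unsafe layout.
bridge_plan() {
    if [ $# -ne 4 ]; then
        echo "usage: bridge_plan BRIDGE MGMT_IF MEMBER_A MEMBER_B" >&2
        return 1
    fi
    local br="$1" mgmt="$2" a="$3" b="$4" ifc
    if [ "$a" = "$b" ]; then
        echo "error: the bridge needs two distinct member interfaces" >&2
        return 1
    fi
    # The management adapter stays off the bridge, so the only addressed
    # interface is never on the segment being inspected.
    if [ "$mgmt" = "$a" ] || [ "$mgmt" = "$b" ]; then
        echo "error: management interface $mgmt must not be a bridge member" >&2
        return 1
    fi
    echo "ip link add name $br type bridge"
    for ifc in "$a" "$b"; do
        echo "ip addr flush dev $ifc"           # members are layer 2 only: no IP
        echo "ip link set dev $ifc master $br"
        echo "ip link set dev $ifc up"
    done
    echo "ip link set dev $br up"               # the bridge itself gets no address
}

# layer3_on_members MEMBER...
# Reads `ip -o -4 addr show` output on stdin and prints every listed member
# that still holds an IPv4 address (it should print nothing on a clean bridge).
layer3_on_members() {
    local members=" $* "
    awk -v m="$members" '$3 == "inet" && index(m, " " $2 " ") { print $2 }'
}

# Print the plan for the assumed three-adapter box.
bridge_plan br0 eth2 eth0 eth1
```

After applying the printed commands as root, `ip -o -4 addr show | layer3_on_members eth0 eth1` should print nothing.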
You would probably be best served by using the Snort Setup Guides; there are a few of them there, so pick the one that matches the OS you are going to use.
I've never used Snort as an IPS, only as an IDS, so I can't comment much further.