Intrusion Detection

Since you’re marketing this router as a security-focused router, do you know if it will provide any traffic analysis/blocking capabilities similar to Cujo? Say, using SNORT with automatic ruleset updates and ipt_unclean for protocol anomaly detection?

4 Likes

Even if they don’t include the startup scripts, it should be easy to set up using the opkg packages. Memory might be a problem though. It depends on what you need the router to do (VM, NAS, VPN, etc.)

Continuing the discussion from Amount of antennae (signal mixers)?:

‘Intrusion Detection Systems’ sounds like pretty advanced stuff!

Up until now I simply run a FW on the router (and sometimes some local FWs). But it seems that this is going to change soon! :sunglasses:

Could anyone point out some newbie-friendly sites for me to read up on to get me (and possibly others) started?


https://www.sans.org/reading-room/whitepapers/detection/inexpensive-wireless-ids-kismet-openwrt-33103


Not quite “newbie friendly”, but it should give some kind of picture of what would be possible on OpenWRT.
Actually, if you are familiar with OpenWRT and building it from source, pretty much “sky is the limit”…

EDIT:
These should be for “newbies”:
http://www.itsecurity.com/features/intrusion-detection-for-dummies-072906/
http://www.dummies.com/how-to/content/network-security-intrusion-prevention-and-detectio.html
https://www.sans.org/reading-room/whitepapers/detection/understanding-ips-ids-ips-ids-defense-in-depth-1381

1 Like

Anyone having any success with this now?