Do the Brume 3 or any other GL.iNet travel routers have IDS/IPS?

Ubiquiti advertises IDS/IPS in their gateways and routers. Do GL.iNet’s products have a similar feature? If so, how do I enable it?

Brume 3 and Slate 7 Pro offer nDPI but not Snort, etc.

Hi

At the moment, we do not have any products that support IDS/IPS.

However, you can install and use Snort to achieve similar functionality. For detailed instructions, please refer to the OpenWrt community guide below:

We also provide DPI features on some of our products, which can offer similar capabilities to a certain extent.

1 Like

Regardless, Snort won't do you any good. It doesn't work, only on enterprise gear. You're a home user. UniFi doesn't work either (they focus on nDPI). You need to be able to decrypt the HTTPS traffic. Meaning you have to install a certificate on the firewall and on the machine. This is very intensive. And very difficult to do. Some sites do not behave well with decryption and encryption. Microsoft being one of them.

What you're looking for is nDPI. Which they do support.

1 Like

Is IDS/IPS being seriously developed, or is it still in the discussion phase?

IDS/IPS is still in a very early planning stage, likely at the technical research phase.
It won’t be available anytime soon—the earliest would be around v4.11 or later, and this is still subject to change.

1 Like

It's not needed. You can't justify a real reason for it. Trust me. Feel free to deploy a mirror port with a Snort server to look at the traffic. It will change your mind.

90% of the network traffic is encrypted. Welcome to post 2006.

10% is random traffic for NTP, DNS, etc., which Snort can read.

Again, if you do not do a man-in-the-middle attack on each device to decrypt and encrypt traffic, IDS/IPS is worthless. It works at big corporations because they have heavy-duty firewalls and networking devices.

You are a home user. You have zero business in IDS/IPS because of how heavily the traffic is encrypted on your network. It would cause more issues to deploy it than not to have it.

What you want is nDPI, which reads the metadata from the packet. This will give you decent enough information. This is what every other company on Earth uses, including UniFi, Firewalla, GL.iNet, etc.

Or the better alternative is crowdsourced networking security.

GL.iNet should really look at CrowdSec... That will do more work than IDS/IPS ever does.

Please do not waste efforts or implement.

If you want to implement security, something worth any salt, do CrowdSec, it will provide more security than IDS/IPS. This is the gold standard.

1 Like

I was Googling and found similar subjects discussed years ago. Is it really so hard to implement that this is a multi-year process to even see if it's technically feasible?

1 Like

I wanted it too at one point, but after doing research, there isn't much benefit.

Thank you for your suggestion—we’ll pass it along to our engineering team for consideration.

Additionally, this appears to be a form of IDS/IPS implementation.

CrowdSec Security Engine is an all-in-one IDS/IPS and WAF.

Yes, implementing IDS/IPS is quite challenging, which is why it is typically found only on enterprise-grade devices.

We are currently moving in that direction. As you may have noticed, we have already implemented a “foundational” technology—DPI—which enables deeper packet inspection and lays the groundwork for IDS/IPS to perform further analysis based on traffic characteristics.

Hi Will, I don't see the benefit of IDS/IPS since most traffic is encrypted. Even signature-based filtering is not the best with Snort. Would it make sense on ARM? Are you planning an x86?

It's still in the early stages, so there aren't many technical details to share at this point.
However, we've forwarded your concerns to the product and R&D teams, and they will take them into consideration.

1 Like

Google is showing that you guys have been discussing this topic for more than a year. It doesn't seem like much progress was made.

No progress should be made, it's really pointless. I want everyone who asks for IDS/IPS to set up and manage one just for a week. You'll see why it's a terrible idea. No point. It's a dead product. It hasn't worked since 2006. You really REALLY NEED to decrypt traffic if you want IDS/IPS. This is why it's a corporate technology, not home use.

https://www.reddit.com/r/PFSENSE/s/dCODCR60qr

3 Likes