Snort in the repo (applications)

I noticed Snort 3 is in the application menu of my Flint 2. Can it be installed on the router? Does anyone know of a good tutorial somewhere? ty

https://docs.snort.org/start/

Snort is pretty advanced, so you might need to investigate your own tutorials that fit your level of knowledge. I assume Snort on the router is just the agent, not the server.

It's not worth it. I keep telling people that IDS/IPS is no longer viable in year 2000's+ because traffic is heavily encrypted. It only works in enterprise because a MITM CA is installed on all devices monitored.
Go check the nDPI from Netify: you can only see metadata, and soon SNI will also be encrypted and all you'll have is IP + MAC + Port.

Don't spend CPU running Snort, instead run CrowdSec.

You'll get much more protection from a community-driven ban list.

3 Likes

Thank you very much.

1 Like