IDS

  • snort
  • suricata
  • Suricata + extras: SELKS

suricata

Suricata only logs alerts (fast.log / eve.json). You need another tool to grep the logs and send e-mails.

/etc/suricata/local.rules
# $DHCP_SERVERS must be defined under vars.address-groups in suricata.yaml (the authorised DHCP servers).
# DHCP offers/acks go from server port 67 to client port 68; any such traffic from a non-listed server is suspicious.
alert udp !$DHCP_SERVERS 67 -> any 68 (msg:"detect rogue DHCP servers!"; sid:123456789; rev:1;)
# broadcast-only variant (disabled):
#alert udp !$DHCP_SERVERS 67 -> 255.255.255.255 any (msg:"detect rogue DHCP server!"; sid:1000001; rev:1;)
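The "other tool" the note above asks for, as an added example (not part of the original page or of Suricata): it reads eve.json lines, keeps only alerts for the rogue-DHCP rule's sid, counts offending server IPs and builds an e-mail report. The sample EVE lines, the sender/recipient addresses and the SMTP call in the comment are constructed assumptions.

```python
import json
from email.message import EmailMessage

# Constructed eve.json lines for this example (not real captures): two rogue-DHCP alerts
# from the same server, one unrelated flow record, one unrelated alert, one broken line.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2024-01-01T10:00:00+0000","event_type":"alert","src_ip":"192.168.1.50","src_port":67,'
    '"dest_ip":"192.168.1.77","dest_port":68,"proto":"UDP","alert":{"signature_id":123456789,"rev":1,'
    '"signature":"detect rogue DHCP servers!","severity":3}}',
    '{"timestamp":"2024-01-01T10:00:01+0000","event_type":"flow","src_ip":"192.168.1.10","dest_ip":"10.0.0.1","proto":"TCP"}',
    '{"timestamp":"2024-01-01T10:00:02+0000","event_type":"alert","src_ip":"192.168.1.50","src_port":67,'
    '"dest_ip":"192.168.1.78","dest_port":68,"proto":"UDP","alert":{"signature_id":123456789,"rev":1,'
    '"signature":"detect rogue DHCP servers!","severity":3}}',
    '{"timestamp":"2024-01-01T10:00:03+0000","event_type":"alert","src_ip":"192.168.1.20","src_port":4444,'
    '"dest_ip":"192.168.1.30","dest_port":22,"proto":"TCP","alert":{"signature_id":2001219,"rev":20,'
    '"signature":"ET SCAN Potential SSH Scan","severity":2}}',
    'this line is not json',
]

ROGUE_DHCP_SID = 123456789  # sid from local.rules above

def rogue_dhcp_alerts(lines, sid=ROGUE_DHCP_SID):
    """Return alert records whose signature_id matches sid; skip non-alert and malformed lines."""
    hits = []
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # eve.json can contain a partial line while Suricata is writing
        if rec.get("event_type") != "alert":
            continue
        if rec.get("alert", {}).get("signature_id") == sid:
            hits.append(rec)
    return hits

def rogue_servers(alerts):
    """Map each offending DHCP server IP (src_ip, port 67 side) to its alert count."""
    counts = {}
    for rec in alerts:
        counts[rec["src_ip"]] = counts.get(rec["src_ip"], 0) + 1
    return counts

def build_report(alerts, sender="suricata@example.invalid", recipient="netops@example.invalid"):
    """Build (not send) an e-mail summarising rogue DHCP servers; addresses are placeholders."""
    servers = rogue_servers(alerts)
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"[suricata] {len(servers)} rogue DHCP server(s), {len(alerts)} alert(s)"
    body = "\n".join(f"{ip}: {n} DHCP reply(ies) from non-authorised server" for ip, n in sorted(servers.items()))
    msg.set_content(body or "no rogue DHCP alerts")
    return msg

if __name__ == "__main__":
    print(build_report(rogue_dhcp_alerts(SAMPLE_EVE_LINES)))
    # to send for real: smtplib.SMTP("localhost").send_message(build_report(...))
```

Run it periodically (cron) over new eve.json lines, or feed it from a log tailer; in production, replace the constant with a rotated-file reader.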

SELKS

3 methods of installation:

  • source
  • docker image
  • debian based ISO distro