pfSense + snort is AWESOME, quick look at IPS/IDS (For Free)

Hey there guys, so my journey into pfSense continues where I have played around with some of the IDS/IPS functionality on it to see how easy this may be to configure and get working. So this tutorial will just be showing you how to install the snort package and how to perform a very basic configuration of it to start your own IDS/IPS journey.

I highly recommend reading the documentation from pfSense & snort to ensure your configuration matches your own needs. (Links in the pinned comment)


Details about the video:

Timestamps:
📕00:00 - Introduction
📕01:10 - Resource Recommendations
📕02:09 - Installing snort
📕03:40 - Configuring snort
📕18:30 - Testing snort

Thanks again for watching
Comments

As with most things, I suggest that you always review the documentation if you run into any snags or want to add any additional configuration to your setup :)

Netgate snort docs:

snort:

TheNetworkBerg

Thanks for putting this out here. It was very informative and helped me with setting mine up.

Bill_CBR

Howzit bru! Thanks for saving me hours and hours of time. It's so much quicker to set things up properly first and then try and break them than to not be sure if you built it broken in the first place!
Please keep doing loads more like this :)

snowballeffects
You're the only person I can understand fully and slow enough to get it done correctly, thank you 🙏 ❤ not many tutorials out ❤❤❤❤

christiancrow
I've been using pfSense for some time now and thanks to you I get to learn more tricks, thanks! :)

MasterDXT

Thank you so much for making this lovely video!!

allaboutcomputernetworks

I love these videos. pfSense - you normally need to get the hardware, and Mikrotik I just think is very competitive in terms of performance as a router / switch etc.

randominternet

Hello sir,
Just wanted to thank you for all the quality videos. Learning a lot from your channel!
Very much enjoy your presentation style!

cbw
I love your channel, just found it today. Big fan, you do an awesome job of explaining

louisshade
Thank you man for making this video, learning so much! Much appreciated!

clubtc

Great video. Really helped unravel the mystery of setting up snort.

geoffhalsey

DrLegend approves this video. Hey just wanted to say that your video was great and easy to follow. A+ for content, A+ for instructions, A+ for easy to follow.
thanks for the hard work

drlegende
I have tried changing the rule category to IPS policy but it keeps being reversed to auto-flowbit rules despite applying. 14:58

josephgithinji
Great video, just starting out in pfSense

nigelholland
Hello,
Thank you for the video. I wish you had provided how to set it up for a network, not a laptop.
What would be the setup configuration between the Ubuntu laptop and my router?

MyITWorld-dv
$29.99/year for the personal license for Snort definitions is a good deal. It does allow you to stay on top of new threats. While I have been using Snort for a while, it is worth noting that Snort in pfSense is single threaded whereas Suricata is multi-threaded. For my home network / lab, Snort hasn't been an issue, but I suppose it could be an issue depending on the size of your network and amount of traffic you are passing. Hopefully Netgate is able to get v3.x of Snort running on the platform now that it is multi-threaded. Since the WAN is a default deny all incoming unsolicited traffic, I'm not sure what benefit you'd get by adding that interface for monitoring, unless there are purposely open ports possibly. I've normally seen it on internal networks for isolating hosts with issues.

Bill_W_N
Hi sir, I have tried but have a problem: when I do testing, why is the source always 192.168.1.1? What's wrong? The destination is correct.

senzyy

If you're having issues with time out and error 0, check your dns settings under system>general setup. I had mine pointing at an old IP for my pihole+unbound setup. And check the logs of that DNS if you have it set right. Might have those providers blacklisted by accident. MMV

soulreaper
I can't seem to test my snort from an external network

baby_gurl
Hi, how do I restrict clients that try to tether their devices on the pfSense captive portal using snort?

shabeerneyyan