How to connect a Raspberry Pi IDS to the home router to detect intrusions network-wide?
I'm configuring a Raspberry Pi IDS/IPS with an ELK stack on a separate machine; my problem is connecting it to the router in a way that it can read traffic on the whole network and drop suspicious packets.
The way I came up with is to configure the Pi as a network gateway, connect it to the router through Ethernet and force all the devices through it. I was wondering if there is a better solution.
network ids raspberry-pi
edited Jan 14 at 10:21
Vidura supun
asked Jan 14 at 6:37
Vidura supun
2 Answers
If you want to passively monitor the whole network, a monitor port on the router or similar would be sufficient, although most common home routers (the ones with WLAN and a cable/DSL modem built in) don't have anything like this.
If you want to monitor data and also actively block traffic, the IDS has to be in the path of the traffic. This means it either needs to be set up as the gateway for all systems in the internal network and then forward the traffic to the router, or the router remains the gateway but the IDS sits between the router and the ISP. In the latter case the Raspi needs to take care of the ISP connectivity too, i.e. it needs to have the physical ability (which might require a DSL, cable or FTTH modem depending on the kind of connectivity to the ISP you have), have the login information, be able to speak PPPoE or whatever protocol is required by the ISP, etc.
So your current idea of setting up the Raspi as the network gateway is likely the easiest way to implement. But, as Josef noted in a comment: it should be set up in a way that users simply cannot bypass the IDS just by changing the gateway. This would be best achieved by having the router/modem physically behind the Raspi so that no internal system could directly reach it, and thus the only way for any internal system to the router/modem and then to the internet is through the Raspi.
edited Jan 14 at 13:07
answered Jan 14 at 7:44
Steffen Ullrich
Could you include in the answer the performance impact of putting the Pi as a gateway VS passive monitoring? I don't know how much throughput a Pi can handle but with a 100Mbps-1Gbps fiber connection for instance, I suspect it would be a serious bottleneck.
– zakinster
Jan 14 at 10:08
I think I would go with the Pi between the router and the internal network because it requires minimum configuration, since I'm having a bit of a performance problem running the IDS on the Pi. Thank you for your clarification.
– Vidura supun
Jan 14 at 10:15
@zakinster: Please don't ask a new question (performance impact of active vs. passive) as a comment, but ask a new question instead. In general, the performance impact of active mode depends on the model of Raspi, the specific configuration of Snort (like the depth of inspection and the number of rules) and the amount of traffic in the network. Passive mode never has a performance impact, since the original traffic does not pass through the Raspi but just gets duplicated there. Of course, the Raspi might just lose traffic for analysis in this case.
– Steffen Ullrich
Jan 14 at 10:38
@Josef: good point. I've integrated this into the answer.
– Steffen Ullrich
Jan 14 at 13:08
Snort has the ability to terminate connections by sending a forged RST packet to both ends. This shouldn’t require routing all traffic through the pi. I believe it could be monitored on a passive mirrored port, and the resets sent through a second adapter to an active port.
– John Deters
Jan 14 at 13:24
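The inline layout from the answer above, as an added example that is not part of the original answer or its comments: a Raspberry Pi with two Ethernet ports (the built-in one plus a USB adapter, both assumed) sits between the LAN switch and the router, so the router is physically reachable only through the Pi. The interface names (eth0 toward the router, eth1 toward the LAN), the 192.168.10.0/24 LAN, queue number 0 and the Snort config path are assumptions. Forwarded traffic is handed to Snort in inline mode through NFQUEUE, and the Pi runs the LAN's DHCP so clients get it as their only gateway:

```shell
#!/bin/sh
# Added example, not code from the answer above: turn a Raspberry Pi with two
# Ethernet interfaces into the only path between the LAN and the router, and
# hand every forwarded packet to Snort running inline (-Q) over NFQUEUE.
# Interface names, addresses, queue number and config path are assumptions.
set -eu

WAN_IF="${WAN_IF:-eth0}"                 # assumed: cable to the router/modem
LAN_IF="${LAN_IF:-eth1}"                 # assumed: cable to the LAN switch/AP
LAN_GW="${LAN_GW:-192.168.10.1}"         # assumed: the Pi's address on the LAN
LAN_CIDR="${LAN_CIDR:-24}"
QUEUE="${QUEUE:-0}"
SNORT_CONF="${SNORT_CONF:-/etc/snort/snort.conf}"

# Print the iptables rules for the inline path. Print-only, so the ruleset can
# be reviewed (or checked by a test) before anything is applied. Both
# directions are queued so Snort sees whole conversations, and there is
# deliberately no --queue-bypass: if Snort is not running, forwarding stops
# (fail closed) instead of traffic silently flowing around the IPS.
gen_inline_rules() {
    wan=$1; lan=$2; queue=$3
    cat <<EOF
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F POSTROUTING
iptables -A FORWARD -m conntrack --ctstate INVALID -j DROP
iptables -A FORWARD -i $lan -o $wan -j NFQUEUE --queue-num $queue
iptables -A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j NFQUEUE --queue-num $queue
iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
EOF
}

# Print the dnsmasq settings that make the Pi the DHCP server and advertise
# itself as the default gateway on the LAN side. Because the router's LAN port
# is cabled only to $WAN_IF, the router's own DHCP never reaches the clients
# and there is no other gateway a user could switch to.
gen_dnsmasq_conf() {
    lan=$1; gw=$2
    cat <<EOF
interface=$lan
bind-interfaces
dhcp-range=${gw%.*}.100,${gw%.*}.200,12h
dhcp-option=option:router,$gw
dhcp-option=option:dns-server,$gw
EOF
}

apply() {
    sysctl -w net.ipv4.ip_forward=1
    ip addr replace "$LAN_GW/$LAN_CIDR" dev "$LAN_IF"
    ip link set "$LAN_IF" up
    gen_inline_rules "$WAN_IF" "$LAN_IF" "$QUEUE" | sh -e
    gen_dnsmasq_conf "$LAN_IF" "$LAN_GW" > /etc/dnsmasq.d/ids-gateway.conf
    systemctl restart dnsmasq
    # Snort 2.9 inline over the nfq DAQ; the queue number must match the rules.
    exec snort -Q --daq nfq --daq-var queue="$QUEUE" -c "$SNORT_CONF"
}

case "${1:-}" in
    --apply) apply ;;
    *)  gen_inline_rules "$WAN_IF" "$LAN_IF" "$QUEUE"
        echo '# dnsmasq:'
        gen_dnsmasq_conf "$LAN_IF" "$LAN_GW" ;;
esac
```

Run it with `--apply` as root on the Pi; without arguments it only prints the rules and the dnsmasq fragment for review. The WAN side is left to pick up an address from the router by DHCP as usual. The point of the physical layout is the same as in the answer: with the router's LAN port cabled only to the Pi, changing the gateway address on a client gets it nowhere, and anyone who wants around the IPS has to move a cable. The rules omit `--queue-bypass` on purpose, so a crashed or stopped Snort takes the LAN offline rather than quietly turning the IPS into a plain router; decide for yourself whether fail-closed is what you want at home.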
Just connect your Raspberry Pi with an Ethernet cable to your home router and get it to monitor local network traffic. It should work similarly to the Snort NIDS, listening in on all local traffic in promiscuous mode.
How to set up mirror ports on various open source consumer router firmware
edited Jan 14 at 10:36
schroeder♦
answered Jan 14 at 8:56
Hild Forsete
"and get it to monitor local network traffic" that's not a trivial task and is the part that needs a lot more explaining. Also, you do not explain how to drop packets. Can you expand this answer?
– schroeder♦
Jan 14 at 9:22
I updated my question to the usage of the Pi as an IDS/IPS, even though I stated packet dropping later. Promiscuous mode is a viable solution only for an IDS, as it inspects a copy of the traffic, but I think this will solve the bottleneck problem stated above.
– Vidura supun
Jan 14 at 10:26
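The passive variant from this answer and from John Deters' comment on the first answer, as an added example that is not part of either: the router mirrors its LAN bridge to the port the Pi is cabled into, and the Pi's Ethernet port becomes an address-less promiscuous sensor. The router-side commands assume an OpenWrt-style firmware that ships `tc` with the mirred action (the bridge name br-lan and the port lan4 are placeholders); the Pi's wlan0 as management interface and the Snort config path are assumptions too:

```shell
#!/bin/sh
# Added example, not code from the answer or comments: set up the Pi as a
# passive sensor on a mirrored port, so the original traffic is never routed
# through it and only a copy is inspected. Router commands assume an
# OpenWrt-style firmware with tc and the mirred action; all interface names
# and the Snort config path are assumptions.
set -eu

SENSOR_IF="${SENSOR_IF:-eth0}"       # assumed: Pi port cabled to the mirror port
MGMT_IF="${MGMT_IF:-wlan0}"          # assumed: Pi's management (and RST) interface
SNORT_CONF="${SNORT_CONF:-/etc/snort/snort.conf}"

# Router side: copy everything crossing the LAN bridge, both directions, to the
# switch port the Pi is plugged into. Print only; run the output on the router.
gen_router_mirror() {
    src=$1; dst=$2
    cat <<EOF
tc qdisc add dev $src handle ffff: ingress
tc filter add dev $src parent ffff: matchall action mirred egress mirror dev $dst
tc qdisc add dev $src handle 1: root prio
tc filter add dev $src parent 1: matchall action mirred egress mirror dev $dst
EOF
}

# Pi side: the sensor port carries no IP address and does not answer ARP
# (nothing on the LAN can talk to it), is put into promiscuous mode so frames
# addressed to other hosts are kept, and has receive offloads disabled so the
# kernel does not merge segments into frames that never existed on the wire.
gen_sensor_setup() {
    ifc=$1
    cat <<EOF
ip addr flush dev $ifc
ip link set dev $ifc arp off
ip link set dev $ifc promisc on
ip link set dev $ifc up
ethtool -K $ifc gro off lro off || true
EOF
}

# Sanity check before trusting any alert: on a working mirror, a short capture
# contains frames neither sent by nor addressed to the Pi itself. Returns 0
# when at least $3 such frames arrive within $2 seconds.
mirror_delivers_foreign_frames() {
    ifc=$1; secs=$2; want=$3
    mac=$(cat "/sys/class/net/$ifc/address")
    n=$(timeout "$secs" tcpdump -ni "$ifc" -c "$want" -l "not ether host $mac" 2>/dev/null | wc -l)
    [ "$n" -ge "$want" ]
}

case "${1:-}" in
    --router-mirror) gen_router_mirror "${2:-br-lan}" "${3:-lan4}" ;;
    --apply)
        gen_sensor_setup "$SENSOR_IF" | sh -e
        mirror_delivers_foreign_frames "$SENSOR_IF" 10 20 \
            || { echo "no foreign frames on $SENSOR_IF: mirror not working" >&2; exit 1; }
        # Passive Snort: listen on the sensor port and alert. For reset-based
        # blocking, 'config response: device wlan0' in snort.conf (Snort 2.9
        # active-response syntax, assumed; check your version) sends the RSTs
        # out of the management interface, which is on the live LAN.
        exec snort -i "$SENSOR_IF" -c "$SNORT_CONF" ;;
    *)  gen_router_mirror br-lan lan4; echo '# pi:'; gen_sensor_setup "$SENSOR_IF" ;;
esac
```

Run it with `--router-mirror <bridge> <port>` to print the commands for the router and with `--apply` as root on the Pi; without arguments it prints both for review. Two caveats are worth checking before trusting the alerts. First, on most consumer routers the wired LAN ports are a hardware switch: traffic between two wired LAN ports is switched in silicon and never crosses the CPU-side bridge, so a `tc` mirror on that bridge sees Wi-Fi and internet-bound traffic but not wired-to-wired traffic. Second, the mirror puts both directions of every conversation onto one link, so on a Pi model with a 100 Mbit or USB-attached Ethernet port the sensor drops frames under load, which is the "might just lose traffic" case from the comments on the first answer; the sanity check in the script catches a mirror that does not work at all, not one that is overloaded. The reset approach from John Deters' comment needs an interface that is actually on the live LAN to inject from, which is why the example keeps a separate management interface instead of giving the sensor port an address.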