Posted: Fri Mar 29, 2024 1:57 Post subject: Intrusion detection question
Hi there...I'm new to the forum...just wondering how to use the dd-wrt installation on my Linksys 3200ACM router to detect and mitigate unauthorized internet connections on my home network...Thanks.
DD-WRT itself is not designed to do this. Not to say you could not run or build a script to monitor for such things. Most attacks would come from the Internet, aka WAN port. Others could come from an easy to guess password over wifi.
Years ago I once had a script that would monitor login attempts and blacklist those IPs. The list grew quite large in a short amount of time. Most of the addresses were from China, so instead of continuing with the script, I just blocked all the subnets from China in iptables. Hindsight tells me this was probably not the best practice.
The best defence against this is to not have any ports opened up on your WAN interface, thus making it practically invisible to the outside world....and having strong passwords on your wifi for more localized attacks, if using it.
_________________
Linksys EA8500 (Internet Gateway, AP/VAP) - DD-WRT r53562
Features in use: WDS-AP, Multiple VLANs, Samba, WireGuard, Entware: mqtt, mlocate
Wireless 5ghz only
Netgear R7800 (WDS-AP, WAP, VAP) - DD-WRT r55779
Features in use: multiple VLANs over single trunk port
Linksys EA8500 WDS Station x2 - DD-WRT r55799
Netgear R6400v2 WAP, VAP 2.4ghz only w/VLANs over single trunk port. DD-WRT r55779
OSes: Fedora 38, 9 RPis (2,3,4,5), 20 ESP8266s: Straight from Amiga to Linux in '94, never having owned a Windows PC.
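The kind of login-monitoring script mentioned in the post above, as an added example that is not the poster's script: it counts failed SSH logins per source address and prints, without applying, the matching iptables DROP rules. The log lines are constructed in the style dropbear writes to syslog, the addresses come from documentation ranges, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample syslog lines (dropbear-style); not taken from a real router.
sample_log() {
cat <<'EOF'
Mar 29 01:02:03 router authpriv.warn dropbear[2101]: Bad password attempt for 'root' from 203.0.113.7:40112
Mar 29 01:02:05 router authpriv.warn dropbear[2101]: Bad password attempt for 'root' from 203.0.113.7:40112
Mar 29 01:02:09 router authpriv.warn dropbear[2104]: Login attempt for nonexistent user from 203.0.113.7:40150
Mar 29 01:02:11 router authpriv.warn dropbear[2104]: Bad password attempt for 'admin' from 203.0.113.7:40150
Mar 29 01:05:40 router authpriv.warn dropbear[2110]: Bad password attempt for 'root' from 198.51.100.23:51820
Mar 29 01:05:44 router authpriv.warn dropbear[2110]: Bad password attempt for 'root' from 198.51.100.23:51820
Mar 29 08:15:00 router authpriv.warn dropbear[2200]: Bad password attempt for 'root' from 192.168.1.10:50211
Mar 29 08:15:06 router authpriv.notice dropbear[2200]: Password auth succeeded for 'root' from 192.168.1.10:50211
EOF
}

# failed_sources THRESHOLD
# Reads syslog on stdin and prints "count ip" for every source address with
# at least THRESHOLD failed logins. Successful logins are not counted.
failed_sources() {
  awk -v min="$1" '
    /Bad password attempt|Login attempt for nonexistent user/ {
      src = $NF                   # last field is ip:port, written by dropbear
      sub(/:[0-9]+$/, "", src)    # strip the port
      n[src]++
    }
    END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
  ' | sort -k2
}

# block_rules
# Turns "count ip" lines into iptables commands. The commands are only
# printed so they can be reviewed before anything is blocked.
block_rules() {
  while read -r count ip; do
    # Accept only digits and dots: log content must never reach a command line.
    case "$ip" in
      ""|*[!0-9.]*) continue ;;
    esac
    echo "iptables -I INPUT -s $ip -j DROP   # $count failed logins"
  done
}

# Example run: sources with 3 or more failures in the sample log.
sample_log | failed_sources 3 | block_rules
```

On a router the input would be the live system log instead of `sample_log`, and a threshold that is too low will lock out a LAN user who mistypes a password.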
Also keep in mind that many IoT devices can play dirty as well and should be vetted heavily before installing them inside your home....or better yet, build your own as I do with many devices.
Joined: 18 Mar 2014 Posts: 12922 Location: Netherlands
Posted: Fri Mar 29, 2024 12:58 Post subject: Re: Intrusion detection question
RMT2024 wrote:
Hi there...I'm new to the forum...just wondering how to use the dd-wrt installation on my Linksys 3200ACM router to detect and mitigate unauthorized internet connections on my home network...Thanks.
DD-WRT runs Linux, and as such you should be able to install Suricata via Entware.
But I have never tried it myself.
Suricata is huge and memory-consuming; not sure if it will run on your router though.