Several Ways To Make An Intrusion Detection System On Linux

Hello reader,

You were minding your own business and suddenly it occurred to you that not only did you want to script an Intrusion Detection System – you wanted it to do something no other IDS has ever done.

(Shhh I know it’s like I read your mind!)

Chances are you haven’t given it a lot of thought, but why not start now? If you are a Linux user you can do it in Python, Bash, or pretty much any other language that has libraries for socket monitoring.

If you have nmap you could get started with this version right now and within 20 minutes have an IDS that can be modified extensively. You could, just as an example:

  1. Combine it with a port mirror?
  2. Set the alert to trigger something other than alarm bell?
  3. Build a port closing script and set it as an executable that responds to this running as a daemon?

Obviously a port mirror won’t be very useful to combine with this unless you are running it on a gateway server. But things you could trigger in response to an intrusion might surprise you. With just a bit of tweaking you could get an intruding packet redirected to a honeypot – or something similar.
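To make the "alert triggers something other than an alarm bell" idea concrete, here is a small socket-state monitor written for this post. It is an added example, not the nmap-based script the post refers to and not the SourceForge project mentioned below. It assumes the Linux `/proc/net/tcp` table format (hex little-endian IPv4 address and hex port, state `0A` = LISTEN, `01` = ESTABLISHED); the two tables embedded in it are constructed samples rather than captures from a real host. The alert handler is just a callable, so the same diff logic can feed a log file, a notification, or whatever responder you decide to build.

```python
"""Socket-state monitor: snapshot /proc/net/tcp, diff against the last
snapshot, and hand anything new to a pluggable alert handler.
Added example for this post; not the post's own script."""
import socket
import struct
from typing import Callable, List, Set, Tuple

LISTEN = "0A"       # kernel TCP state codes as they appear in /proc/net/tcp
ESTABLISHED = "01"

# (listening local ports, {(peer_ip, peer_port, local_port)})
Snapshot = Tuple[Set[int], Set[Tuple[str, int, int]]]


def _decode_addr(hex_addr: str) -> Tuple[str, int]:
    """Turn '0100007F:0016' into ('127.0.0.1', 22).
    The IPv4 address is stored as a little-endian 32-bit hex value."""
    ip_hex, port_hex = hex_addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text: str) -> Snapshot:
    """Extract listening ports and established peers from a /proc/net/tcp dump."""
    listening: Set[int] = set()
    established: Set[Tuple[str, int, int]] = set()
    for line in text.splitlines()[1:]:          # first line is the column header
        fields = line.split()
        if len(fields) < 4:
            continue
        _, local_port = _decode_addr(fields[1])
        remote_ip, remote_port = _decode_addr(fields[2])
        state = fields[3]
        if state == LISTEN:
            listening.add(local_port)
        elif state == ESTABLISHED:
            established.add((remote_ip, remote_port, local_port))
    return listening, established


def diff_snapshots(old: Snapshot, new: Snapshot) -> List[str]:
    """Describe what appeared since the previous snapshot."""
    alerts: List[str] = []
    for port in sorted(new[0] - old[0]):
        alerts.append(f"new listening port {port}")
    for peer_ip, peer_port, local_port in sorted(new[1] - old[1]):
        alerts.append(f"new connection from {peer_ip}:{peer_port} to local port {local_port}")
    return alerts


def watch(read_table: Callable[[], str], alert: Callable[[str], None],
          baseline: Snapshot) -> Snapshot:
    """One polling round: read the table, alert on changes, return the new baseline."""
    current = parse_proc_net_tcp(read_table())
    for message in diff_snapshots(baseline, current):
        alert(message)
    return current


# Constructed sample tables (not real captures). Baseline: one daemon listening on 22.
SAMPLE_BASELINE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1 0000000000000000 100 0 0 10 0
"""
# Later round: a new listener on 4444 and a peer 10.0.0.5:54321 connected to port 22.
SAMPLE_LATER = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1 0000000000000000 100 0 0 10 0
   1: 00000000:115C 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1002 1 0000000000000000 100 0 0 10 0
   2: 0A00000A:0016 0500000A:D431 01 00000000:00000000 00:00000000 00000000     0        0 1003 1 0000000000000000 20 4 30 10 -1
"""


def demo() -> List[str]:
    """Run one round over the constructed tables and collect the alerts."""
    fired: List[str] = []
    baseline = parse_proc_net_tcp(SAMPLE_BASELINE)
    watch(lambda: SAMPLE_LATER, fired.append, baseline)
    return fired


if __name__ == "__main__":
    # On a real host, replace the lambda with: lambda: open("/proc/net/tcp").read()
    # and call watch() in a loop with a sleep between rounds.
    for line in demo():
        print("ALERT:", line)
```

The diff-against-baseline approach is deliberately quiet about connections that close; the interesting events for an IDS of this kind are new listeners (something started serving) and new peers (someone connected), which is exactly what a responder such as a port-closing script would need to know.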

A great Python example could be this one at SourceForge. Reverse engineering it may take longer than finding an existing Python script that already leans in the direction of what you want, though, so if you mean to build your own you need a few thoughts about your end result.

A few thoughts:

  • Do you need something system wide or just application specific?
  • Do you know which applications have modifiable scripts that could touch your IDS?
  • Is modifying Snort, Suricata, or Samhain a better option?

When thinking and scripting proactively we can assume a system-wide protection is best – but it isn’t necessarily. In recent years the applications that required the most protection were browsers, email programs, messaging platforms, and websites (including databases).

While browser security tools exist, there isn’t much documentation that tells us specifically which browser plugins prevent exploits – and there certainly aren’t many documented cases of browser-based system intrusions. Paradoxically, there are countless downloads that enable intrusion, and links clicked to enable them.

Snort, Suricata, Samhain, AIDE, and other IDSes do bolster port/socket-based security – but, as with firewalls, if an admin makes unusual exceptions by running the wrong scripts or downloading backdoored software, some targets are simply lulled into a sense of security that is actually detrimental.

What practices can prevent intrusion?

I’m certainly not about to ramble about your passwords – I hate those articles. Rather, a look at how malicious script is introduced, to better familiarize you with doing your own part in not inviting an intrusion.

Via browser: Links that have been shortened by unscrupulous or unrecognizable link-shortening services are often the culprit in a variety of exploits – from intrusion to cookie theft – so the best practice is always to hover over a link if you don’t know or trust the sender. Generally, if the link looks to be full of redirects, don’t click it. Redirecting a browser onto and off of a page set up to gather data or execute code is fairly common these days because it works.

Email programs: Yes, people still love them for whatever reason; aside from sending mail from a desktop they are pretty much just browsers, though ones that can execute a wider variety of code. PDF downloads that “might” contain malicious scripts, zipped files that “might” be backdoor software – and yet users insist on using outdated versions of these email programs, or worse, they use a homebrew email server with no protections.

Websites: Everyone who visits a website leaves enough info about their system to fill a small logbook – so naturally some hackers want that info and will go pretty far to get it. Compromising a database is one way, getting administrative control is another, and whichever way they go about it the result is the same: an index of names and information that can be processed into something lucrative. This website had an attacker for years who never managed to get in – we logged his/her attempts to compromise the login system and changed passwords whenever they got close. (We won’t say how many times that was because that would make it easier.) Obviously our password wasn’t 12345, though that was actually an entire week’s worth of their attempts, so the attacker was obviously new at this sort of thing, or a huge fan of Spaceballs?
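The "we logged the attacker's attempts and noticed when they got close" part is the kind of thing a script can watch for you. The detector below is an added example written for this post, not the site's own logging; the log format it parses (an ISO timestamp, `LOGIN_OK`/`LOGIN_FAIL`, the username tried and the source address) and the sample lines are constructed, using documentation address ranges. It flags a source once it accumulates a threshold of failed logins inside a sliding window, and flags again if that same source later succeeds, which is the "they got close, then got in" case you would want to know about first.

```python
"""Failed-login burst detector over constructed web-login log lines.
Added example for this post; the log format is an assumption."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, Iterable, List, Set

# Assumed line shape: "<ISO timestamp> LOGIN_OK|LOGIN_FAIL user=<name> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) LOGIN_(?P<result>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def detect_bursts(lines: Iterable[str], threshold: int = 5,
                  window: timedelta = timedelta(minutes=10)) -> List[str]:
    """Return one alert per source that exceeds `threshold` failures inside
    `window`, plus an alert if such a source later logs in successfully."""
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)  # failure times per source
    alerted: Set[str] = set()
    alerts: List[str] = []
    minutes = int(window.total_seconds() // 60)

    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                      # unrelated or malformed line
        ts = datetime.fromisoformat(m["ts"])
        src = m["src"]

        if m["result"] == "OK":
            # A success from a source that already tripped the detector
            # is the event the site owner most needs to see.
            if src in alerted:
                alerts.append(f"{src} logged in as {m['user']} after failed-login burst")
            continue

        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:   # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append(
                f"{src}: {len(q)} failed logins in {minutes} min "
                f"(last user tried: {m['user']})"
            )
    return alerts


# Constructed sample log (not from a real server). 203.0.113.7 hammers the
# form, goes quiet, then succeeds; 198.51.100.4 is a user who mistyped once.
SAMPLE_LOG = """\
2024-03-01T09:00:01 LOGIN_FAIL user=admin src=203.0.113.7
2024-03-01T09:00:03 LOGIN_FAIL user=admin src=203.0.113.7
2024-03-01T09:00:07 LOGIN_FAIL user=root src=203.0.113.7
2024-03-01T09:01:10 LOGIN_FAIL user=editor src=198.51.100.4
2024-03-01T09:01:12 LOGIN_FAIL user=administrator src=203.0.113.7
2024-03-01T09:02:00 LOGIN_OK user=editor src=198.51.100.4
2024-03-01T09:02:30 LOGIN_FAIL user=admin src=203.0.113.7
2024-03-01T09:30:00 LOGIN_FAIL user=admin src=203.0.113.7
2024-03-01T09:31:00 LOGIN_OK user=admin src=203.0.113.7
"""


if __name__ == "__main__":
    for alert in detect_bursts(SAMPLE_LOG.splitlines()):
        print("ALERT:", alert)
```

The detector only reports; whether a flagged source gets rate-limited, blocked, or just watched is a separate decision, and keeping the two apart makes it easy to tune the threshold without accidentally locking out a legitimate user who fat-fingered a password a few times.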

Whatever you decide to build, implement good practices – don’t run a website and let everyone post links or posts without vetting everything. Because beyond 50,000 crap articles for off-brand viagra from Canada, you could unintentionally host some malicious script and ruin someone else’s day.


35 thoughts on “Several Ways To Make An Intrusion Detection System On Linux”

  1. The next time I learn a blog, I hope that it doesn’t disappoint me as a lot as this one. I imply, I know it was my choice to learn, but I truly thought you’d have something attention-grabbing to say. All I hear is a bunch of whining about one thing that you can repair when you weren’t too busy on the lookout for attention.

  2. Normally I don’t learn article on blogs, but I would like to say that this write-up very compelled me to try and do so! Your writing taste has been surprised me. Thanks, quite great article.

  3. Thank you, I have just been looking for info about this topic for ages and yours is the best I’ve came upon so far. But, what in regards to the conclusion? Are you sure in regards to the supply?

  4. I’m not sure where you are getting your info, but great topic. I need to spend some time learning more or understanding more. Thanks for wonderful information I was looking for this info for my mission.

  5. This is an excellent blog, would you be involved in doing an interview about just how you designed it? If so e-mail me!

  6. Buy Website Traffic from the leading worldwide traffic supplier. Buy Traffic from our trusted USA based company to increase your targeted web traffic today!

  7. Whoa! This blog looks just like my old one! It’s on a totally different topic but it has pretty much the same layout and design. Great choice of colors!

  8. I just could not leave your site before suggesting that I actually enjoyed the standard information a person provide for your visitors? Is going to be again steadily in order to investigate cross-check new posts

  9. As a Newbie, I am constantly browsing online for articles that can benefit me. Thank you

  10. Good – I should definitely pronounce, impressed with your web site. I had no trouble navigating through all the tabs and related information ended up being truly easy to do to access. I recently found what I hoped for before you know it in the least. Reasonably unusual. Is likely to appreciate it for those who add forums or something, site theme . a tones way for your customer to communicate. Nice task..

  11. Very good site you have here but I was curious if you knew of any forums that cover the same topics discussed here? I’d really love to be a part of online community where I can get responses from other experienced individuals that share the same interest. If you have any suggestions, please let me know. Cheers!

  12. Hello very cool blog!! Man .. Excellent .. Wonderful .. I’ll bookmark your web site and take the feeds additionally…I am glad to search out so many helpful information here in the post, we want develop extra strategies in this regard, thank you for sharing. . . . . .

  13. Work at home, make money no matter where you are in the world!

  14. Get paid to write articles, blog posts, ebooks and many more!

  15. How Would You Like to PROFIT from Those Silly Little Advertisements That You See All Over the Internet? Now You CAN! Imagine if you could get PAID when people click on all those advertisements. An elite group of underground marketers don’t want you to know this, but you CAN be making money from those ads by using our secret system!

  16. Very nice write-up. I definitely like this website. Stick with it!

  17. Excellent article. I definitely appreciate this site . Keep writing!

  18. Discover How To Generate A Regular Income Direct From YouTube Without Creating Any Of Your Own Videos!

  19. Very smooth blog post . I definitely like your site. Thanks!

  20. I appreciate a lot for your effort in writing this article.

  21. Thank you greatly for your time in writing this blogpost.
