EH-Net

Ethical Hacking Discussions and Related Certifications => Hardware => Topic started by: Eleven on December 09, 2012, 12:38:00 PM



Title: Raspberry Pi for Layer 2 IDS?
Post by: Eleven on December 09, 2012, 12:38:00 PM
I'm reading TJ O'Connor's Detecting and Responding to Data Link Layer Attacks and I'm wondering how well the Raspberry Pi works for detecting these layer 2 attacks using the Python example scripts in the paper. Does anyone have any experience with it?

http://www.sans.org/reading_room/whitepapers/detection/detecting-responding-data-link-layer-attacks_33513


Title: Re: Raspberry Pi for Layer 2 IDS?
Post by: ajohnson on December 10, 2012, 08:54:05 AM
Hardware constraints might be a limiting factor if you're going to monitor a large amount of traffic. You also only get one NIC by default, so you'll have to perform monitoring and management on the same port. It'll probably be fine for playing around with at home or in a small office though.


Title: Re: Raspberry Pi for Layer 2 IDS?
Post by: Eleven on December 10, 2012, 02:39:14 PM
Apparently you're right and the network performance isn't good.  Oh well, maybe they'll come up with a better version in the future.


Title: Re: Raspberry Pi for Layer 2 IDS?
Post by: ajohnson on December 10, 2012, 04:46:13 PM
If you're just looking to do IDS activities in a small form factor, check out the Soekris boards: http://soekris.com/

They go up to 1.6GHz/2GB/4 Ethernet ports, but they're obviously much more expensive than a Raspberry Pi.


Title: Re: Raspberry Pi for Layer 2 IDS?
Post by: Eleven on December 11, 2012, 04:32:51 PM
> If you're just looking to do IDS activities in a small form factor, check out the Soekris boards: http://soekris.com/
>
> They go up to 1.6GHz/2GB/4 Ethernet ports, but they're obviously much more expensive than a Raspberry Pi.

They are definitely more expensive, but I guess you can do more with them too... thanks :)