
Deployment Instructions

g3tsyst3m edited this page Jun 15, 2023 · 8 revisions

The crude layout below is how I have this configured for my personal deployment:

This setup will afford you the following capture capabilities:

  • Ability to capture information from outside attacks (port scans, web server attacks, etc.) against your public IP/WAN interface
  • Ability to capture device-to-device suspicious activity
    • This includes traffic on virtual interfaces such as the wifi interface eth0.1, etc.
  • Ability to capture all inbound and outbound activity from your device ingress/egress points to and from your WAN

I have a cable modem in bridge mode, so the ISP connection passes through my modem and is managed by my Tomato wifi router. Tomato will copy/tee all packets to your Suricata listening interface (eth0). This assumes your Tomato configuration is set up according to the instructions on this wiki page: https://github.com/g3tsyst3m/BriarIDS/wiki/Tomato-config-instructions-setup
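Once the tee is in place, the events Suricata writes to eve.json from the listening interface can be sorted into the three capture categories listed above. The script below is an added example, not part of BriarIDS or this wiki; the LAN prefix, the public address and the EVE lines are constructed placeholders.

```python
import ipaddress
import json
from collections import Counter

# Assumptions for the example: the home LAN prefix and the router's public address.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed LAN prefix
WAN_IP = ipaddress.ip_address("203.0.113.10")  # placeholder public IP (RFC 5737 TEST-NET-3)

# Constructed sample records in the shape Suricata writes to eve.json (not real alerts).
SAMPLE_EVE = """\
{"event_type":"alert","in_iface":"eth0","src_ip":"198.51.100.7","dest_ip":"203.0.113.10","proto":"TCP","dest_port":22,"alert":{"signature":"SSH scan (constructed)","severity":2}}
{"event_type":"alert","in_iface":"eth0","src_ip":"192.168.1.20","dest_ip":"192.168.1.30","proto":"TCP","dest_port":445,"alert":{"signature":"SMB probe between hosts (constructed)","severity":1}}
{"event_type":"alert","in_iface":"eth0","src_ip":"192.168.1.44","dest_ip":"198.51.100.99","proto":"TCP","dest_port":443,"alert":{"signature":"Outbound beacon (constructed)","severity":1}}
{"event_type":"flow","in_iface":"eth0","src_ip":"198.51.100.99","dest_ip":"192.168.1.44","proto":"UDP"}
not json at all
"""


def classify(src_ip: str, dest_ip: str) -> str:
    """Map a src/dest pair onto the three capture categories the page lists."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dest_ip)
    if src in LAN_NET and dst in LAN_NET:
        return "lan_to_lan"  # device-to-device, including virtual interfaces
    if src in LAN_NET:
        return "outbound"  # LAN host -> Internet (egress)
    if dst in LAN_NET or dst == WAN_IP:
        return "inbound"  # Internet -> WAN interface, or reply to a LAN host
    return "other"  # neither side is ours: worth checking the tee rules


def parse_eve(text: str):
    """Yield parsed EVE records, skipping blank or malformed lines."""
    for line in text.splitlines():
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue  # eve.json can carry a torn last line while Suricata is writing


def summarize(text: str, iface: str = "eth0"):
    """Count events per direction on the listening interface and collect alerts."""
    counts, alerts = Counter(), []
    for rec in parse_eve(text):
        if rec.get("in_iface") != iface:
            continue
        direction = classify(rec["src_ip"], rec["dest_ip"])
        counts[direction] += 1
        if rec.get("event_type") == "alert":
            alerts.append((direction, rec["alert"]["signature"]))
    return counts, alerts
```

A live run would read `/var/log/suricata/eve.json` instead of `SAMPLE_EVE`; a non-empty "other" bucket means eth0 is seeing traffic that belongs to neither the LAN nor the WAN address.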
