by teitoklien 1644 days ago
If you’re running your custom homebuilt router, you can use IDS systems like Snort[0] or Suricata[1].

It’s pretty fun to set up! You can take any old desktop/laptop at your home and make it into your own custom router by running a Linux or BSD instance on it.

If you go this route, I would recommend Suricata IDS, as you can set up a more complex and sophisticated system easily, compared to Snort.

[0](https://www.snort.org/)

[1](https://suricata.io/)

1 comments

Thanks, this is a great idea.

One compromise would be to add an extra hop (like a Raspberry Pi) to the IoT VLAN, and install Snort there. That way I could retain my primary router (currently Ubnt ERX).

Great tip!

Are you running stock firmware on the ERX and are you happy with it? Looking into potentially setting one up as well, any resources you could recommend for making best use of one?

Yep, I use the stock/latest 2.x firmware. It includes a wizard to set up the LANs, NAT and firewall.

I recommend the 2 VLAN setup and disabling switch0 for the best performance.

It's a step up from consumer routers, with more powerful firewall, QoS, and configuration.

Ubiquiti's docs are great.

https://help.ui.com/hc/en-us/articles/115002531728-EdgeRoute...

Thanks for this! What came out of that major breach they had earlier this year? Since I wasn't part of their ecosystem I never followed up.

Yush, that works great too :D,

Happy tinkering ^^ and Merry Christmas