{"id":150,"date":"2015-08-08T00:38:09","date_gmt":"2015-08-07T21:38:09","guid":{"rendered":"http:\/\/home.dgrechka.net\/blog\/?p=150"},"modified":"2015-08-08T00:38:09","modified_gmt":"2015-08-07T21:38:09","slug":"link-layer-ids-for-home-and-soho","status":"publish","type":"post","link":"https:\/\/grechka.family\/dmitry\/blog\/2015\/08\/link-layer-ids-for-home-and-soho\/","title":{"rendered":"Link-layer IDS for home and SOHO"},"content":{"rendered":"<p>Hi,<\/p>\n<p>Today I got acquainted with recent years wi-fi penetration techniques (e.g. <a href=\"http:\/\/www.wirelessdomination.com\/how-to-crack-wpa2-wifi-password-using-reaver-wpa2\/\">brutefrocing WPS pin<\/a>). I realized that the strongest security measures at my home are set for WAN side at the Internet gateway. For years I considered my LAN absolutely safe. But WPA PSK with long random key-phrase turned out to be not enough.<\/p>\n<p>Taking measures, after disabling WPS at my access point I decided to add lightweight intrusion detection for LAN (as setting up such heavy intrusion detection systems like <a href=\"https:\/\/www.snort.org\/\">Snort<\/a> is overkill for my home environment. I think the same is true for most of the home and SOHO (small office home office) environments). Link layer seemed the most appropriate level to monitor as almost every intruder action will touch it.<\/p>\n<p>I desired to monitor arp and IPv6 neighbourhood tables at my Internet gateway as primary goal for me is preventing the intruder from doing illegal actions using my connection.<br \/>\nTo monitor the tables I wrote a script which notifies me upon unknown PC connects to my home LAN. It polls the tables comparing the records with known PCs MAC addresses.<br \/>\nThe script is at github: <a href=\"https:\/\/github.com\/dgrechka\/LLIDS\">https:\/\/github.com\/dgrechka\/LLIDS<\/a><\/p>\n<p>Now I fill more safe =)<br \/>\nDeploy the script in your homes. Let&#8217;s control our networks =)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hi, Today I got acquainted with recent years wi-fi penetration techniques (e.g. brutefrocing WPS pin). I realized that the strongest security measures at my home are set for WAN side at the Internet gateway. For years I considered my LAN absolutely safe. But WPA PSK with long random key-phrase turned out to be not enough. &hellip; <a href=\"https:\/\/grechka.family\/dmitry\/blog\/2015\/08\/link-layer-ids-for-home-and-soho\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Link-layer IDS for home and SOHO&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":154,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[31,2],"tags":[32,36,35,33,34],"class_list":["post-150","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","category-hobby","tag-ids","tag-link-layer","tag-penetration","tag-wi-fi","tag-wpa"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Link-layer IDS for home and SOHO - Dmitry A. Grechka<\/title>\n<meta name=\"description\" content=\"Link-layer Intrusion Detection System (IDS) for home and Small Office - Home Office (SOHO)\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/grechka.family\/dmitry\/blog\/2015\/08\/link-layer-ids-for-home-and-soho\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Link-layer IDS for home and SOHO - Dmitry A. Grechka\" \/>\n<meta property=\"og:description\" content=\"Link-layer Intrusion Detection System (IDS) for home and Small Office - Home Office (SOHO)\" \/>\n<meta property=\"og:url\" content=\"https:\/\/grechka.family\/dmitry\/blog\/2015\/08\/link-layer-ids-for-home-and-soho\/\" \/>\n<meta property=\"og:site_name\" content=\"Dmitry A. Grechka\" \/>\n<meta property=\"article:published_time\" content=\"2015-08-07T21:38:09+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/grechka.family\/dmitry\/blog\/wp-content\/uploads\/2015\/08\/ids.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1235\" \/>\n\t<meta property=\"og:image:height\" content=\"200\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"dmitry\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"dmitry\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/grechka.family\/dmitry\/blog\/2015\/08\/link-layer-ids-for-home-and-soho\/\",\"url\":\"https:\/\/grechka.family\/dmitry\/blog\/2015\/08\/link-layer-ids-for-home-and-soho\/\",\"name\":\"Link-layer IDS for home and SOHO - Dmitry A. Grechka\",\"isPartOf\":{\"@id\":\"https:\/\/grechka.family\/dmitry\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/grechka.family\/dmitry\/blog\/2015\/08\/link-layer-ids-for-home-and-soho\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/grechka.family\/dmitry\/blog\/2015\/08\/link-layer-ids-for-home-and-soho\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/grechka.family\/dmitry\/blog\/wp-content\/uploads\/2015\/08\/ids.png\",\"datePublished\":\"2015-08-07T21:38:09+00:00\",\"author\":{\"@id\":\"https:\/\/grechka.family\/dmitry\/blog\/#\/schema\/person\/63485104fdec6dbe258ea67c2e053a6f\"},\"description\":\"Link-layer Intrusion Detection System (IDS) for home and Small Office - Home Office (SOHO)\",\"breadcrumb\":{\"@id\":\"https:\/\/grechka.family\/dmitry\/blog\/2015\/08\/link-layer-ids-for-home-and-soho\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/grechka.family\/dmitry\/blog\/2015\/08\/link-layer-ids-for-home-and-soho\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/grechka.family\/dmitry\/blog\/2015\/08\/link-layer-ids-for-home-and-soho\/#primaryimage\",\"url\":\"https:\/\/grechka.family\/dmitry\/blog\/wp-content\/uploads\/2015\/08\/ids.png\",\"contentUrl\":\"https:\/\/grechka.family\/dmitry\/blog\/wp-content\/uploads\/2015\/08\/ids.png\",\"width\":1235,\"height\":200},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/grechka.family\/dmitry\/blog\/2015\/08\/link-layer-ids-for-home-and-soho\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/grechka.family\/dmitry\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Link-layer IDS for home and SOHO\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/grechka.family\/dmitry\/blog\/#website\",\"url\":\"https:\/\/grechka.family\/dmitry\/blog\/\",\"name\":\"Dmitry A. Grechka\",\"description\":\"Personal blog\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/grechka.family\/dmitry\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/grechka.family\/dmitry\/blog\/#\/schema\/person\/63485104fdec6dbe258ea67c2e053a6f\",\"name\":\"dmitry\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/grechka.family\/dmitry\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/ce55dc1fed08e9a15667f56e3285826aa634c717d9c0e34809d717f699bb7b0b?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/ce55dc1fed08e9a15667f56e3285826aa634c717d9c0e34809d717f699bb7b0b?s=96&d=identicon&r=g\",\"caption\":\"dmitry\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Link-layer IDS for home and SOHO - Dmitry A. Grechka","description":"Link-layer Intrusion Detection System (IDS) for home and Small Office - Home Office (SOHO)","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/grechka.family\/dmitry\/blog\/2015\/08\/link-layer-ids-for-home-and-soho\/","og_locale":"en_GB","og_type":"article","og_title":"Link-layer IDS for home and SOHO - Dmitry A. Grechka","og_description":"Link-layer Intrusion Detection System (IDS) for home and Small Office - Home Office (SOHO)","og_url":"https:\/\/grechka.family\/dmitry\/blog\/2015\/08\/link-layer-ids-for-home-and-soho\/","og_site_name":"Dmitry A. Grechka","article_published_time":"2015-08-07T21:38:09+00:00","og_image":[{"width":1235,"height":200,"url":"https:\/\/grechka.family\/dmitry\/blog\/wp-content\/uploads\/2015\/08\/ids.png","type":"image\/png"}],"author":"dmitry","twitter_misc":{"Written by":"dmitry","Estimated reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/grechka.family\/dmitry\/blog\/2015\/08\/link-layer-ids-for-home-and-soho\/","url":"https:\/\/grechka.family\/dmitry\/blog\/2015\/08\/link-layer-ids-for-home-and-soho\/","name":"Link-layer IDS for home and SOHO - Dmitry A. Grechka","isPartOf":{"@id":"https:\/\/grechka.family\/dmitry\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/grechka.family\/dmitry\/blog\/2015\/08\/link-layer-ids-for-home-and-soho\/#primaryimage"},"image":{"@id":"https:\/\/grechka.family\/dmitry\/blog\/2015\/08\/link-layer-ids-for-home-and-soho\/#primaryimage"},"thumbnailUrl":"https:\/\/grechka.family\/dmitry\/blog\/wp-content\/uploads\/2015\/08\/ids.png","datePublished":"2015-08-07T21:38:09+00:00","author":{"@id":"https:\/\/grechka.family\/dmitry\/blog\/#\/schema\/person\/63485104fdec6dbe258ea67c2e053a6f"},"description":"Link-layer Intrusion Detection System (IDS) for home and Small Office - Home Office (SOHO)","breadcrumb":{"@id":"https:\/\/grechka.family\/dmitry\/blog\/2015\/08\/link-layer-ids-for-home-and-soho\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/grechka.family\/dmitry\/blog\/2015\/08\/link-layer-ids-for-home-and-soho\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/grechka.family\/dmitry\/blog\/2015\/08\/link-layer-ids-for-home-and-soho\/#primaryimage","url":"https:\/\/grechka.family\/dmitry\/blog\/wp-content\/uploads\/2015\/08\/ids.png","contentUrl":"https:\/\/grechka.family\/dmitry\/blog\/wp-content\/uploads\/2015\/08\/ids.png","width":1235,"height":200},{"@type":"BreadcrumbList","@id":"https:\/\/grechka.family\/dmitry\/blog\/2015\/08\/link-layer-ids-for-home-and-soho\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/grechka.family\/dmitry\/blog\/"},{"@type":"ListItem","position":2,"name":"Link-layer IDS for home and SOHO"}]},{"@type":"WebSite","@id":"https:\/\/grechka.family\/dmitry\/blog\/#website","url":"https:\/\/grechka.family\/dmitry\/blog\/","name":"Dmitry A. Grechka","description":"Personal blog","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/grechka.family\/dmitry\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/grechka.family\/dmitry\/blog\/#\/schema\/person\/63485104fdec6dbe258ea67c2e053a6f","name":"dmitry","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/grechka.family\/dmitry\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/ce55dc1fed08e9a15667f56e3285826aa634c717d9c0e34809d717f699bb7b0b?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/ce55dc1fed08e9a15667f56e3285826aa634c717d9c0e34809d717f699bb7b0b?s=96&d=identicon&r=g","caption":"dmitry"}}]}},"jetpack_featured_media_url":"https:\/\/grechka.family\/dmitry\/blog\/wp-content\/uploads\/2015\/08\/ids.png","jetpack_sharing_enabled":true,"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/grechka.family\/dmitry\/blog\/wp-json\/wp\/v2\/posts\/150","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/grechka.family\/dmitry\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/grechka.family\/dmitry\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/grechka.family\/dmitry\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/grechka.family\/dmitry\/blog\/wp-json\/wp\/v2\/comments?post=150"}],"version-history":[{"count":6,"href":"https:\/\/grechka.family\/dmitry\/blog\/wp-json\/wp\/v2\/posts\/150\/revisions"}],"predecessor-version":[{"id":158,"href":"https:\/\/grechka.family\/dmitry\/blog\/wp-json\/wp\/v2\/posts\/150\/revisions\/158"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/grechka.family\/dmitry\/blog\/wp-json\/wp\/v2\/media\/154"}],"wp:attachment":[{"href":"https:\/\/grechka.family\/dmitry\/blog\/wp-json\/wp\/v2\/media?parent=150"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/grechka.family\/dmitry\/blog\/wp-json\/wp\/v2\/categories?post=150"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/grechka.family\/dmitry\/blog\/wp-json\/wp\/v2\/tags?post=150"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}