c nerd blog — Why Snort on OpenBSD 5.2

I’m installing intrusion detection software for three reasons.

I’m a software engineer involved in building (non–BSD) products for IT guys. It’s useful for me to have an idea of the problems they face. I’m not looking for specifics, just that idea. Since I’m not an IT pro myself, I don’t know the edge cases and weirdities that should be covered. That’s why this ain’t going to produce a perfect result. In particular, there will be security holes.

It’d be good to have another tool to help detect digital parasites. I suspect my girlfriend’s old XP box is infected, and it’d be nice to have some quite different evidence of this, one way or the other (before I reinstall it).

Finally, state–sponsored cyber conflict seems to be picking up, and I see nothing to suggest it’s going to be reined in (this needs an international diplomatic agreement, and there’s nothing to suggest the politicians have woken up to this detail): rather, if anything, a good number of countries are likely to join in. There’s no way anything I build could defend against state apparatus with their zero day exploits, although fortunately I see no reason why I’d be targeted. However, if there is deep conflict, then a weapon of war could be something that destroys information everywhere associated with the enemy. An economic strike might target distribution businesses, for example. Already, the history of cyberwarfare shows ordinary home systems can get damaged. I fear something destructive, indefensible by ordinary PCs, and out of control, may appear. Whatever; even today, this institutionalised childishness is creating backwash, & I’d like to try and reduce the risk of being splashed.