Visual Network Threat Level Indicator

Network monitoring is very important in todays world. The internet is a scary place. People have taken steps to raise their awareness by installing Intrusion Detection Systems(IDS) such as SNORT.

The problem with most of these systems is that upon first installing them they are vigilantly watched. After a week the allure wears off and they are no longer monitored, silently churning away in the depths of the network.

By moving the visualization outside of the computer we make it easier to notice, providing the information at a glance and to a larger audience.

The Visual Threat Level Indicator (VTLI) requires a network connection and power. It does not need to be directly attached to a computer, this way it can be placed anywhere there is network access.

A python script is run on the IDS which connects the the Arduino and updates the display.

Remove these ads by Signing Up

Step 1: Parts

You will need the following:

-An IDS running SNORT http://www.snort.org/
-Arduino Uno
-Arduino Ethernet Shield
-Arduino Proto Shield
-10x 470Ω resistors
-10 Segment LED bar graph
-Solder, wires, soldering iron

alex990 says: Jan 26, 2013. 8:53 PM

Please I need help in step 5

I can see there is 2 small resistors with blue color ... what they are for

i'm stack in this step !! i'm doing my final project in uni

hope you can help me

Thanks

simo90evo says: May 16, 2012. 8:19 AM

Hi guys! I'm trying to setup snort on mac, I've install it, and i tryied to modify the file config.snort, but I don't understand what i I've to do, which line I need to modify to create che log file alert.csv.

can you help me please ?

my email is simo90@me.com

thanx!!!

OCPik4chu in reply to simo90evoOct 16, 2012. 1:33 PM

I would suggest posting/searching the snort website, they will be able to help you much better.

vidtip22 says: Apr 14, 2012. 10:32 AM

can anyone please help me with step 5 as i am not able to go through snort

sgleason1 says: Feb 19, 2012. 7:25 AM

Could you make an instuctable showing us how to do this with the xbee wifi protoshield. Personally I think that would be more helpful because then it could be placed anywhere within the networks range.

joe (author) in reply to sgleason1Feb 19, 2012. 7:33 AM

Hey SGleason1 - I would love to make one of these with an Xbee. It will have to wait until I buy one though!

-Joe

sreeci in reply to joeFeb 20, 2012. 1:24 AM

Hello Joe, Thank you for the great project.
Like S.Gleason pointed, if you could assemble one with Xbee, I would be highly interested in it. You may also have a thorough user info along with that.
I am not a great Computer wizzard like you nice guys !!
Kindly respond to my mail if that is possible, please.
Thanks.
Sincerely
KJ Kumar
kjkumarsfo@yahoo.com

joe (author) in reply to sreeciFeb 23, 2012. 7:34 PM

Hey Sreeci and Sgleason - I ordered up an Xbee. So I'll post a new wireless instructable up when I get it in.

-Joe

sgleason1 in reply to joeFeb 24, 2012. 7:39 AM

Sweet I can't wait to see it. I don't have an arduino yet or the knowledge of how snort works, but I thought that if you made it with an xbee it would be much easier to put into same sort of frame and keep around the house, or bring it into your living room while watching tv.

joe (author) in reply to sgleason1Feb 27, 2012. 8:16 PM

Hey Sreeci and Sgleason - Here is a wireless version of the device:
http://www.instructables.com/id/Visual-Network-Threat-Level-Indicator-v2/

Thanks for looking.

-Joe

megaduty says: Feb 24, 2012. 11:41 AM

Hmmm,,, gotta get an Ethernet Shield now... Nice write up.

mr monoply33 says: Feb 23, 2012. 1:26 PM

Just out of curiosity, where did you get the LED bar graph?

joe (author) in reply to mr monoply33Feb 23, 2012. 7:25 PM

Hey Mr Monoply33 - It is an Avago HDSP4832, You can get it from Jameco here:
http://www.jameco.com/webapp/wcs/stores/servlet/Product_10001_10001_1551402_-1

-Joe

Kaylonds says: Feb 22, 2012. 1:15 PM

Very nice project. But i always wonder why no one ever trys to run the Arduino with Power over Ethernet.

joe (author) in reply to KaylondsFeb 22, 2012. 1:21 PM

Hey Kaylonds - Thanks!

As far as PoE, for me the reason is simple; I don't have a network switch which can provide PoE. I'm not sure how many home users do either.

-Joe

Kaylonds in reply to joeFeb 22, 2012. 2:24 PM

true true.

nubzzz says: Feb 19, 2012. 10:29 PM

How do you think this would do running with Suricata instead of Snort?

joe (author) in reply to nubzzzFeb 20, 2012. 10:32 AM

Hey Nubuzz- If Suricata has a log, then it would work. If you can give me a sample of 2 lines from the log file, I'll update the python to have a suricata/snort switch.

-Joe

zmashiah says: Feb 19, 2012. 2:11 PM

Very nice!
I like the use of Arduino showing important information, and Snort by all means is a good thing to monitor (and hopefully not too many false positive generated on your network). On the pictures I see a chip on the proto-shield, is that part of the circuit somehow or there from a something different?

joe (author) in reply to zmashiahFeb 19, 2012. 3:57 PM

Hey Zmashiah- thanks! That chip is a 470Ω resistor network, you don't need it you can use individual resistors. I just had it on hand and find them easy to use.

They can be found at Jameco #108581 http://www.jameco.com/webapp/wcs/stores/servlet/Product_10001_10001_108581_-1

-Joe

mister9 says: Feb 16, 2012. 5:46 PM

cool stuff