Snort is the foremost Open Source IPS (Intrusion Prevention System) in the world.
It uses a series of rules that help define malicious network activity and generates alerts or simply block them.
The primary uses are: as a packet sniffer, as a packet logger, or as a full-blown network IPS.
Start installing the package:
System > Package Manager > Available Packages > Search for: snort > Click + Install.
Wait for the confirmation.
Create a free account and paste the code here:
Note: there is no update on the system.
The system now has the latest rules installed:
Define the interface to be monitored for suspicious or malicious behavior (usually the WAN).
Define the policy.
On Select The Rulesets, check the relevant rulesets or Select All.
Define WAN Preprocs.
Enable Application ID and Portscan Detection.
Enable the monitoring service on the interface.
Check the activity.
After refining the configuration that applies to your network and let it work for a couple of weeks go back to Snort Interfaces > WAN Settings > Alert Settings and enable Block Offenders.