Implementing syncookied as a request BPF #699

Open
AltraMayor opened this issue Jul 26, 2024 · 0 comments
Once issue #602 is implemented, the effort to enable the implementation of syncookied as a request BPF will have been lowered. Namely, it would require adding the following facilities to the running environment of BPF in Gatekeeper:

  1. Replying to packets;
  2. Computing SYN cookies.

The request BPF implementing syncookied should only forward SYN packets with proper cookies to Grantor servers. This BPF must also limit the reply rate to SYN packets to avoid Gatekeeper servers being used in reflection attacks.

The syncookied BPF would be a variation of the port knocking originally suggested in issue #602.
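
One way the forwarding rule and the reply-rate limit described in the issue could fit together, as an added C example that is not Gatekeeper code and not from the issue's author. All names (`make_cookie`, `classify`, `struct bucket`) are hypothetical, the cookie is simplified (SipHash-2-4 over the 4-tuple and a coarse time counter, no MSS encoding), and how a packet carries its cookie is left to the caller.

```c
#include <stdint.h>
/* Hypothetical names, constructed for illustration; not Gatekeeper's BPF API. */
struct flow { uint32_t saddr, daddr; uint16_t sport, dport; };
struct bucket { uint64_t tokens, last_sec, rate, burst; };
enum verdict { FORWARD, REPLY, DROP };
#define ROTL(x, b) (((x) << (b)) | ((x) >> (64 - (b))))
#define SIPROUND do { \
	v0 += v1; v1 = ROTL(v1, 13); v1 ^= v0; v0 = ROTL(v0, 32); \
	v2 += v3; v3 = ROTL(v3, 16); v3 ^= v2; \
	v0 += v3; v3 = ROTL(v3, 21); v3 ^= v0; \
	v2 += v1; v1 = ROTL(v1, 17); v1 ^= v2; v2 = ROTL(v2, 32); } while (0)

/* SipHash-2-4 over two 64-bit words (16 bytes of input). */
static uint64_t siphash_2u64(uint64_t a, uint64_t b, const uint64_t k[2])
{
	uint64_t v0 = 0x736f6d6570736575ULL ^ k[0], v1 = 0x646f72616e646f6dULL ^ k[1];
	uint64_t v2 = 0x6c7967656e657261ULL ^ k[0], v3 = 0x7465646279746573ULL ^ k[1];
	v3 ^= a; SIPROUND; SIPROUND; v0 ^= a;
	v3 ^= b; SIPROUND; SIPROUND; v0 ^= b;
	v3 ^= 16ULL << 56; SIPROUND; SIPROUND; v0 ^= 16ULL << 56; /* length word */
	v2 ^= 0xff; SIPROUND; SIPROUND; SIPROUND; SIPROUND;
	return v0 ^ v1 ^ v2 ^ v3;
}

/* Cookie = keyed hash of the 4-tuple and a coarse time counter. */
uint32_t make_cookie(const struct flow *f, uint32_t counter, const uint64_t k[2])
{
	uint64_t a = ((uint64_t)f->saddr << 32) | f->daddr;
	uint64_t b = ((uint64_t)f->sport << 48) | ((uint64_t)f->dport << 32) | counter;
	return (uint32_t)siphash_2u64(a, b, k);
}

/* Token bucket refilled per second (monotonic now_sec); 1 if a reply may go out. */
static int take_token(struct bucket *tb, uint64_t now_sec)
{
	uint64_t t = tb->tokens + (now_sec - tb->last_sec) * tb->rate;
	tb->tokens = t > tb->burst ? tb->burst : t;
	tb->last_sec = now_sec;
	if (tb->tokens == 0) return 0;
	tb->tokens--; return 1;
}

/* Valid cookie (current or previous counter): forward. Else reply if budget allows. */
enum verdict classify(const struct flow *f, int has_cookie, uint32_t cookie,
	uint32_t counter, const uint64_t k[2], struct bucket *tb, uint64_t now_sec)
{
	int ok = has_cookie && (cookie == make_cookie(f, counter, k) ||
				cookie == make_cookie(f, counter - 1, k));
	return ok ? FORWARD : take_token(tb, now_sec) ? REPLY : DROP;
}
```

Packets with a valid cookie never consume reply budget, so the bucket bounds only the traffic a spoofed source could cause the server to send.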
