spense | 8 months ago

I've been looking at this recently and this isn't just for bots. eBPF fingerprinting is how Cloudflare quickly detects DDoS attacks.

https://blog.cloudflare.com/defending-the-internet-how-cloud...

v5v3 | 8 months ago

What's the simplest way to implement eBPF filtering?

As in NFTables/Fail2Ban-level usability.

vetrom | 8 months ago

Something like https://github.com/renanqts/xdpdropper, Cilium's host firewall, https://github.com/boylegu/TyrShield or https://github.com/ebpf-security/xdp-firewall exist today and implement eBPF-filter-based firewalling.

Of these, there is a sample integration for XDPDropper to fail2ban that never got merged: https://github.com/fail2ban/fail2ban/pull/3555/files -- I don't think anyone else has really worked on that junction of functionality yet.

There's also Wazuh, which seems to package eBPF tooling up with a ton of detection and management components, but it's not as simple to deploy as fail2ban.