On Sun, Apr 25, 2021 at 7:09 AM John Wood <john.wood@xxxxxxx> wrote:
>
> I'm working on an LSM to detect and mitigate fork brute force attacks
> against vulnerable userspace applications. Now, to fine-tune the
> detection I want to detect network activity.
...
> How can I detect that an external connection (using a net device) is
> accepted and avoid internal network communication?

One caveat that may (or may not) apply... Systemd opens sockets for
services even when a service is disabled. It could appear that a system
is accepting traffic even when the service is unavailable.

Jeff

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies