On Sun, Apr 25, 2021 at 6:02 AM Jeffrey Walton <noloader@xxxxxxxxx> wrote:
>
> On Sun, Apr 25, 2021 at 7:09 AM John Wood <john.wood@xxxxxxx> wrote:
> >
> > I'm working on an LSM to detect and mitigate fork brute force attacks
> > against vulnerable userspace applications. Now, to fine-tune the
> > detection I want to detect network activity. ...
> >
> > How can I detect that an external connection (using a net device) is
> > accepted and avoid internal network communication?
>
> One caveat that may (or may not) apply...
>
> Systemd opens sockets for services even when a service is disabled. It
> could appear that a system is accepting traffic even when the service
> is unavailable.
>
> Jeff
>

This is interesting, it lets systemd add a tarpit to stall those SYN connections. But maybe bpf will do this soon.

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies