- Canada
- https://stevenpolley.net
- I hate computers, but I am drawn to them. What wonders... what misery...
- Joined on 2019-01-05
Eliminate CGO dependency
Removing libpcap will also remove a lot of network types, so we will likely be constrained to supporting just Ethernet, IPv4/IPv6, and UDP.
This looks interesting: https://pkg.go.dev/golang.o…
3ae568639e
add flag to specify alternative filepath to secret
ead7578544
change pcap snaplen to 126 bytes
BPF Filter Limitations - Prevent Sweeping Attacks
Need to get some benchmarks with wide open filter compared to constraining to just the ports required for the authentic knock sequence.
I can only test this on a 1Gbps line.
Also, in the…
Support for Multiple Clients
Multiple keys should be able to be generated and loaded by hypd.
./hypd generate secret >/etc/hyp/secrets.d/client1.secret
./hypd generate secret >/etc/hyp/secrets.d/client2.secret
./…
hypd Configuration File
Configuration Items
- (Directory) path for the pre-shared key(s)?
- client timeout
- knock success action
- knock timeout action
Close Ports When Done
I also need to work out how much information about the key is leaked during each knock sequence transmission to ensure this frequency is sane. Only 64 bits of the sha1hmac are used for the…