- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
cross-posted from: https://programming.dev/post/52544724
I wrote a dead simple file canary tool that will install an eBPF program that drops all outgoing packets if a canary is touched. I wrote this in response to the current trend of supply chain attacks that try to harvest credentials
Using eBPF to enforce a file canary for network egress is a strong defense-in-depth tactic, particularly against supply chain compromises where the initial payload is already trusted. Have you considered the potential latency impact on legitimate high-throughput applications when the canary is breached versus the immediate network drop?