112 Hackathon Wiki

This wiki documents our implementation of a Linux kernel module to prevent blind in/on-path attacks against VPN-tunnel connections. We completed this work as part of the IETF 112 Hackathon, held November 01-05, 2021.

Table of contents

Introduction
Motivation
Installation
Extensions and Future Work
Authors
Funding

Introduction

This wiki and software were produced as part of our participation in the IETF 112 Hackathon. This was our group's first participation in a Hackathon, and it also served as our introduction to participating in the IETF.

Motivation

For our project, we wanted to determine whether there was a simple plugin solution to prevent our blind injection attacks against VPNs by adding a rule on the client or server machines. The solution we ultimately decided on, a Linux kernel module, will work on either endpoint and offers a lightweight option without causing any issues for the routing of normal packets.

Installation

  1. create vm: cd src && vagrant up
  2. ssh to vm: vagrant ssh
  3. compile netfilter lkm: cd lkm && make all
  4. insert module in kernel: ./use_mod.sh
  5. do a test dns lookup: nslookup yo.com 8.8.8.8
  6. check logs for the new module's prints: dmesg | grep "client port"
  7. remove new kernel module and clean: ./remove_mod.sh

Extensions and Future Work

The current iteration that was completed for the Hackathon only prints messages when injected packets are detected, but the final version will drop or delay any suspicious packets for a certain amount of time.

Authors

This work was completed as part of IETF Hackathon 112 by Beau Kujath, Benjamin Mixon-Baca, and William J. Tolley.

Funding

Beau Kujath and William J. Tolley participated in the hackathon and produced this software as part of our ongoing Internet Freedom Fund project with Open Technology Fund. Benjamin Mixon-Baca is also funded through Open Technology Fund as an Information Controls Fellow.