From 81461bedb2889e8f5b7366608e9dcdd41c8be0c8 Mon Sep 17 00:00:00 2001 From: william Date: Sat, 1 Jan 2022 15:16:39 +0000 Subject: [PATCH] Add '112 Hackathon Wiki' --- 112-Hackathon-Wiki.md | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 112-Hackathon-Wiki.md diff --git a/112-Hackathon-Wiki.md b/112-Hackathon-Wiki.md new file mode 100644 index 0000000..d432d35 --- /dev/null +++ b/112-Hackathon-Wiki.md @@ -0,0 +1,40 @@ +This wiki was created to document our implementation of a Linux kernel module to prevent blind in/on-path attacks against VPN-tunnel connections. Our work on this project was completed as part of the [IETF 112 Hackathon](https://www.ietf.org/how/runningcode/hackathons/112-hackathon/) which was held November 01-05, 2021. + +## Table of contents +[Introduction](Introduction)
+[Motivation](Motivation)
+[Installation](Installation)
+[Extensions and Future Work](Future)
+[Authors](Authors)
+[Funding](Funding) + +## Introduction + +This wiki and software was produced as part of our participation in the [IETF 112 Hackathon](https://www.ietf.org/how/runningcode/hackathons/112-hackathon/). This was our group's first participation in a Hackthon and also served as an introduction to participation with IETF. + +## Motivation + +For our project, we wanted to determine if there was a simple plugin solution to prevent our blind injection attacks against VPNs by added a rule on the client or server machines. The solution we ultimately decided, a Linux kernel module, will work on either endpoint and offers a lightweight option without causing any issues for the routing of normal packets. + +## Installation + + +1. create vm: cd src && vagrant up +2. ssh to vm: vagrant ssh +3. compile netfilter lkm: cd lkm && make all +4. insert module in kernel: ./use_mod.sh +5. do a test dns lookup: nslookup yo.com 8.8.8.8 +6. check logs for new modules prints: dmesg | grep "client port" +7. remove new kernal module and clean: ./remove_mod.sh + +## Extensions and Future Work + +The current iteration that was completed for the Hackathon only prints messages when injected packets are detected, but the final version will drop or delay any suspicious packets for a certain amount of time. + +## Authors + +This work was completed as part of IETF Hackathon 112 by Beau Kujath, Benjamin Mixon-Baca, and William J. Tolley + +## Funding + +Beau Kujath and William J. Tolley participated in the hackathon and produced this software as part of our ongoing Internet Freedom Fund project with Open Technology Fund. Benjamin Mixon-Baca is also funded through Open Technology Fund as an Information Controls Fellow. \ No newline at end of file
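Review bot: The opening sentence and the Motivation section describe the module as preventing blind in/on-path injection, but "Extensions and Future Work" says the hackathon iteration only prints messages when injected packets are detected. State near the top, or in Installation, that the current module is detection-only (it logs to dmesg and does not drop or delay packets), so nobody deploys it expecting protection. In Installation, steps 4 and 7 load and unload a kernel module through `./use_mod.sh` and `./remove_mod.sh` without saying what privileges are required, and step 6 does not say what a positive result of `dmesg | grep "client port"` looks like. Add both, and put the commands in code formatting so they can be copied without the step labels. Smaller points: the table-of-contents links such as `[Extensions and Future Work](Future)` point at page names rather than at the headings added in this file, "Hackthon", "by added a rule" and "kernal" are typos, and the file ends without a trailing newline.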