Here's a pic of a wireshark capture of poet in action
since poet's beacons are woefully simple and literally based on whether the client can socket.connect() to the server, at a network level, this equates to a client sending a tcp syn, and the unlistening server sending back a tcp rst. this is pretty noisy, and all those rsts are really suspicious looking if anyone's looking at traffic.
really need to refactor the beacons to use an actual protocol (beacon over http(s), dns, etc). good examples for this might be
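Added example, not part of the original issue or of poet's code: a detection-side sketch of the pattern described above, pairing each TCP SYN with the RST that answers it and flagging client/server/port triples where refused connects repeat at a steady interval. The packet tuple layout, the function names, the thresholds and the sample capture are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

def refused_connects(packets):
    """Yield (ts, client, server, port) for each SYN answered by a RST."""
    pending = {}  # (client, cport, server, sport) -> SYN timestamp
    for ts, src, sport, dst, dport, flags in packets:
        if flags == "S":
            pending[(src, sport, dst, dport)] = ts
        elif "R" in flags:  # RST or RST/ACK from the non-listening side
            key = (dst, dport, src, sport)
            if key in pending:
                yield pending.pop(key), dst, src, sport
        elif flags == "SA":  # port was open: not a refused connect
            pending.pop((dst, dport, src, sport), None)

def find_rst_beacons(packets, min_attempts=5, max_jitter=0.2):
    """Flag repeated, evenly spaced refused connects (thresholds are assumptions)."""
    times = defaultdict(list)
    for ts, client, server, port in refused_connects(packets):
        times[(client, server, port)].append(ts)
    hits = []
    for key, stamps in times.items():
        if len(stamps) < max(min_attempts, 2):
            continue
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # Low relative spread of the gaps means timer-driven, not human, traffic.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits.append((*key, len(stamps), round(avg, 1)))
    return hits

def sample_capture():
    """Constructed packets: (ts, src, sport, dst, dport, flags)."""
    pkts = []
    for i in range(6):  # one refused connect roughly every 60 s
        t = i * 60.0 + (0.3 if i % 2 else 0.0)
        pkts.append((t, "10.0.0.5", 50000 + i, "203.0.113.10", 443, "S"))
        pkts.append((t + 0.02, "203.0.113.10", 443, "10.0.0.5", 50000 + i, "RA"))
    pkts += [  # a one-off refused connect and a normal handshake, as noise
        (12.0, "10.0.0.9", 40000, "198.51.100.7", 8080, "S"),
        (12.01, "198.51.100.7", 8080, "10.0.0.9", 40000, "RA"),
        (30.0, "10.0.0.9", 40001, "198.51.100.20", 443, "S"),
        (30.03, "198.51.100.20", 443, "10.0.0.9", 40001, "SA"),
    ]
    return sorted(pkts)

if __name__ == "__main__":
    print(find_rst_beacons(sample_capture()))
```

Each hit is (client, server, port, refused attempts, mean interval in seconds); the single refused connect from 10.0.0.9 stays below `min_attempts` and is not reported.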