offlinemark / poet

[unmaintained] Post-exploitation tool
MIT License

beaconing design needs work #47

Open offlinemark opened 9 years ago

offlinemark commented 9 years ago

Here's a pic of a wireshark capture of poet in action

[Screenshot: Wireshark capture of poet beaconing, 2015-03-25]

Since poet's beacons are woefully simple and literally based on whether the client can socket.connect() to the server, at a network level this equates to a client sending a TCP SYN and the non-listening server sending back a TCP RST. This is pretty noisy, and all those RSTs look really suspicious if anyone's looking at traffic.

Really need to refactor the beacons to use an actual protocol (beacon over HTTP(S), DNS, etc.). Good examples for this might be
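From the monitoring side, the pattern described in this comment (one host repeatedly sending a SYN to the same closed port and getting a RST back, at a fixed interval) is exactly what a network defender hunts for. The following is an added detection example, not code from the issue or the poet project; it runs over constructed connection summaries in the spirit of a Zeek conn.log (the `REJ` state meaning SYN answered by RST) and flags source/destination pairs whose refused connections recur with low timing jitter. Thresholds and field layout are assumptions for the example.

```python
"""Flag periodic SYN->RST "beacon" patterns in connection records.

Constructed sample data (not a real capture): host 10.0.0.5 retries a
connect() to a closed port roughly every 60 s and is refused each time,
mixed with ordinary successful sessions and a few one-off refusals.
"""
from collections import defaultdict
from statistics import mean, pstdev

BASE = 1_427_320_000  # constructed epoch base (late March 2015)

# (epoch seconds, src ip, dst ip, dst port, conn_state)
# "REJ" = SYN answered by RST (port closed), "SF" = normal completed session.
SAMPLE_CONNS = [
    (BASE + 0,   "10.0.0.5", "203.0.113.10", 8080, "REJ"),
    (BASE + 12,  "10.0.0.7", "198.51.100.2", 443,  "SF"),
    (BASE + 30,  "10.0.0.9", "198.51.100.2", 22,   "REJ"),   # single refusal
    (BASE + 60,  "10.0.0.5", "203.0.113.10", 8080, "REJ"),
    (BASE + 121, "10.0.0.5", "203.0.113.10", 8080, "REJ"),
    (BASE + 150, "10.0.0.7", "203.0.113.10", 8080, "REJ"),   # sporadic, not periodic
    (BASE + 180, "10.0.0.5", "203.0.113.10", 8080, "REJ"),
    (BASE + 240, "10.0.0.5", "203.0.113.10", 8080, "REJ"),
    (BASE + 299, "10.0.0.5", "203.0.113.10", 8080, "REJ"),
    (BASE + 310, "10.0.0.7", "198.51.100.2", 443,  "SF"),
    (BASE + 360, "10.0.0.5", "203.0.113.10", 8080, "REJ"),
    (BASE + 650, "10.0.0.7", "203.0.113.10", 8080, "REJ"),
    (BASE + 1050, "10.0.0.7", "203.0.113.10", 8080, "REJ"),
]


def group_refused(conns):
    """Collect timestamps of refused (REJ) connections per (src, dst, dport)."""
    groups = defaultdict(list)
    for ts, src, dst, dport, state in conns:
        if state == "REJ":
            groups[(src, dst, dport)].append(ts)
    return groups


def beacon_score(timestamps):
    """Return (count, mean_gap, jitter) for a series of timestamps.

    jitter is pstdev(gaps) / mean(gaps): close to 0 means the refusals
    arrive on a regular schedule, which is the signature of a retry loop
    rather than human-driven activity. Fewer than 3 events cannot be scored.
    """
    ts = sorted(timestamps)
    if len(ts) < 3:
        return len(ts), None, None
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    m = mean(gaps)
    jitter = pstdev(gaps) / m if m > 0 else float("inf")
    return len(ts), m, jitter


def find_beacons(conns, min_count=5, max_jitter=0.2):
    """Return flagged (src, dst, dport) tuples whose refused connections
    are both frequent and periodic. Thresholds are assumed example values."""
    findings = []
    for (src, dst, dport), stamps in group_refused(conns).items():
        count, period, jitter = beacon_score(stamps)
        if count >= min_count and jitter is not None and jitter <= max_jitter:
            findings.append({
                "src": src, "dst": dst, "dport": dport,
                "count": count,
                "period_s": round(period, 1),
                "jitter": round(jitter, 3),
            })
    return findings


if __name__ == "__main__":
    for f in find_beacons(SAMPLE_CONNS):
        print(f"periodic refused connects: {f['src']} -> {f['dst']}:{f['dport']} "
              f"x{f['count']}, every ~{f['period_s']}s (jitter {f['jitter']})")
```

On the sample data only the 10.0.0.5 series is flagged: seven refusals at a mean gap of 60 s with near-zero jitter, while the sporadic refusals from 10.0.0.7 fall below the count threshold and the single refusal from 10.0.0.9 cannot be scored at all. In practice the same logic applies to any per-flow summary that records connection state; the low-jitter requirement is what separates a fixed-interval retry loop from ordinary scanning or misconfiguration noise.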

offlinemark commented 9 years ago

But of course, if we want these beacons to not trigger RSTs, that necessitates a different server-always-on design.