Re: IPTABLES firewall Integration


Steven Anderson <wanfuse123@...>
 

Thanks for getting back to me. I appreciate the candid analysis. Since it's not going to work (most devices don't have an accurate clock, IPTABLES is too large, and I am not sure if BPF can do it), I guess I will spill the beans on what I was thinking.

My idea was to use shimmer or port knocking (implemented through the firewall) in order to allow communication from the devices.

Port knocking, better described with a diagram (and which you may have heard of anyway), uses an accurate clock and an encryption algorithm to determine which port is being used to communicate, with a temporal factor involved. In other words, the ports would only be open for a few seconds each and would appear to open in a random fashion, but would actually open in a non-random order based on an "encryption algorithm". This is best described with a diagram (which I can't link here). The gateway, the remote servers and the IoT device would each have a copy of the encryption algorithm for setting up the timing.

I was also thinking of maybe using a trained neural net (which would require even more memory) to search incoming packet buckets for intrusions, but this would almost definitely be outside the memory scope and the processing power of such a device. It might be workable on the gateway side, though.

It only takes something like 10 lines of IPTABLES code to implement such a thing. I'm not sure about BPF's capabilities in this area. There are also ways to implement this from scripts.

Anyway, that was the idea. I guess this isn't the right platform for it, though.
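The scheme sketched above (a shared secret plus a clock deciding which port is live in each short time slot) can be made concrete in a few dozen lines. The following is an added example written for this page, not code from the poster or from the Zephyr project. It assumes an HMAC-SHA256 construction over a slot counter as the "encryption algorithm", a 5-second slot, a port range of 10000 to 60000 and a tolerance of one slot of clock drift; all of these are constructed choices, as is the demo secret. The gateway-side check accepts neighbouring slots so that a device with a slightly inaccurate clock still gets through, which is the trade-off the thread raises: the wider the skew window, the more ports are open at once. The iptables rule is only rendered as a string, never executed.

```python
import hashlib
import hmac
import struct
import time

# Constructed parameters for illustration; a real deployment provisions its own
# secret and picks its own slot length, port range and skew tolerance.
SLOT_SECONDS = 5                    # each port is open for a few seconds
PORT_MIN, PORT_MAX = 10000, 60000   # range the schedule draws ports from
ALLOWED_SKEW_SLOTS = 1              # tolerate +/- one slot of clock drift


def slot_index(unix_time, slot_seconds=SLOT_SECONDS):
    """Map a Unix timestamp to the index of the time slot it falls in."""
    return int(unix_time) // slot_seconds


def knock_port(secret, slot, port_min=PORT_MIN, port_max=PORT_MAX):
    """Derive the port that is open during `slot` from the shared secret.

    HMAC-SHA256 keyed with the shared secret over the big-endian slot counter;
    the first 4 bytes of the tag are reduced into the port range. Every party
    holding the secret (gateway, server, device) computes the same value, so
    the sequence looks random to an outside observer but is deterministic.
    """
    counter = struct.pack(">Q", slot)
    tag = hmac.new(secret, counter, hashlib.sha256).digest()
    span = port_max - port_min + 1
    return port_min + (int.from_bytes(tag[:4], "big") % span)


def schedule(secret, start_slot, count):
    """Return (slot, port) pairs for `count` consecutive slots."""
    return [(s, knock_port(secret, s)) for s in range(start_slot, start_slot + count)]


def accept_knock(secret, port, unix_time, skew_slots=ALLOWED_SKEW_SLOTS):
    """Gateway-side check: is `port` valid at `unix_time`, allowing clock drift?

    Accepting the neighbouring slots is the concession needed for devices
    whose clocks are not accurate. Each extra slot of tolerance means one more
    port is live at the same time, so keep the window as small as the clocks allow.
    """
    now = slot_index(unix_time)
    return any(knock_port(secret, now + d) == port
               for d in range(-skew_slots, skew_slots + 1))


def iptables_rule(port):
    """Render (not run) the ACCEPT rule the gateway would install for the live slot."""
    return f"iptables -A INPUT -p tcp --dport {port} -j ACCEPT"


if __name__ == "__main__":
    secret = b"constructed-demo-secret"   # constructed; never hard-code a real one
    now = int(time.time())
    for slot, port in schedule(secret, slot_index(now), 5):
        print(slot, port, iptables_rule(port))
```

Running the block prints the next five slots with their ports and the rule text the gateway would install for each; rotating the rule as each slot expires is what the "10 lines of IPTABLES" in the post would do. Note that the device's clock accuracy bounds `ALLOWED_SKEW_SLOTS`, not the other way round: if devices drift by more than a slot, the schedule degrades into several ports being open at once.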
