wolfSentry Dynamic Port Scanning Defenses and Stateful Rules

The latest wolfSentry release, version 1.4, adds advanced traffic attribute filters and controls, allowing field-configurable stateful routes for DNS and other connectionless protocols, and transparent port scanner detection and defenses.

Event handlers can be configured to restrict matches to traffic with specified attributes, such as inbound or outbound connection initiation or closure, binding of a socket, or attempt to send to an unreachable destination. An event handler can furthermore designate attributes to be set or cleared whenever a match implicates the event – “derogatory” or “commendable” flags, a “port_reset” flag to explicitly generate a reset reply, or any of 8 available user-defined flags in any combination.

An auxiliary event handler can now be associated with a primary event handler, for use when a new rule is dynamically added. The aux event can specify rule flags to be set and/or cleared in the newly generated rule, including wildcarding of any combination of match fields, designation of the traffic direction(s) to which the new rule will apply, and initial penalty boxing or green-listing.

Finally, a new built-in action handler, “%track-peer-v1”, creates new rules according to the filters and directives in the event definitions, as described above.

With these facilities, in concert with the fine-grained integration with lwIP, wolfSentry field configuration now has the expressive power to define port scan detection and defenses, automatic pinhole rule insertions, and other flexible stateful tracking use cases. All of these capabilities are available through JSON configuration, and can be updated, extended, or removed, at any time without system restart.

The latest wolfSentry release is available at https://github.com/wolfSSL/wolfsentry, with native in-tree support for FreeRTOS-newlib-nano on ARM with full lwIP integration. Other ports include POSIX (e.g. Linux), DeOS, and MacOS X. Let us know if you would like it on another platform. Our current porting plans include Green Hills IntegrityOS, VxWorks, LynxOS, PetaLinux,TRON/ITRON/µITRON, QNX, PikeOS and NuttX. Clone it now, and make test!

Contact us at facts@wolfssl.com, or call us at +1 425 245 8247 with any questions or for help getting started with wolfSentry in your project!