eBPFShield: powerful IP-intelligence and DNS monitoring tool
eBPFShield
Welcome to eBPFShield, a powerful and intuitive security tool for monitoring and protecting your servers. Featuring both IP-Intelligence and DNS monitoring capabilities, eBPFShield utilizes the power of eBPF and Python to provide real-time monitoring and actionable insights for identifying and mitigating potential threats.
eBPFShield is a high-performance security tool that utilizes eBPF and Python to provide real-time IP-Intelligence and DNS monitoring. By executing in kernel space, eBPFShield avoids costly context switches and offers efficient detection and prevention of malicious behavior on your network through monitoring of outbound connections and comparison with threat intelligence feeds.
Say goodbye to constantly monitoring your servers with tcpdump and hello to a more efficient and automated security solution with eBPFShield.
🛠 Features
A few of the things you can do with eBPFShield:
Current Features: 🔥
- DNS Monitoring: Shows all DNS queries in the system.
- IP-Intelligence: Monitors outbound connections (TCP/UDP), checks them against threat intelligence lists, and blocks malicious destinations. Includes a script to pull down public threat feeds.
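The lookup half of the IP-Intelligence feature, sketched in user space as an added example (not eBPFShield's own code): it matches connection events against a feed and does not block anything. It assumes a feed with one IPv4 address or CIDR per line and events that carry the destination as the raw 32-bit value a kernel probe reads from the socket; the feed entries, event tuples and function names are constructed for illustration.

```python
import ipaddress
import socket
import struct

# Constructed feed, one IPv4 address or CIDR per line. The addresses are
# RFC 5737 documentation ranges, not real indicators.
SAMPLE_FEED = """\
# constructed blocklist
203.0.113.7
198.51.100.0/24   ; constructed range
not-an-ip
"""

def load_feed(text):
    """Parse feed text into (set of host ints, list of IPv4 networks)."""
    hosts, networks = set(), []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.IPv4Network(entry, strict=False)
        except ValueError:
            continue  # skip malformed lines instead of aborting the load
        if net.prefixlen == 32:
            hosts.add(int(net.network_address))  # O(1) lookup for single hosts
        else:
            networks.append(net)
    return hosts, networks

def daddr_to_ip(daddr):
    """Turn a 32-bit destination read in network byte order into an IPv4Address."""
    return ipaddress.IPv4Address(struct.pack("I", daddr))

def check_events(events, hosts, networks):
    """Return (pid, comm, ip) for every event whose destination is listed."""
    hits = []
    for pid, comm, daddr in events:
        ip = daddr_to_ip(daddr)
        if int(ip) in hosts or any(ip in net for net in networks):
            hits.append((pid, comm, str(ip)))
    return hits

# Constructed events (pid, comm, daddr); daddr is packed as a probe would see it.
SAMPLE_EVENTS = [
    (pid, comm, struct.unpack("I", socket.inet_aton(ip))[0])
    for pid, comm, ip in [(1201, "curl", "203.0.113.7"),
                          (1202, "sshd", "192.0.2.10"),
                          (1203, "python3", "198.51.100.42")]
]
```

Calling `check_events(SAMPLE_EVENTS, *load_feed(SAMPLE_FEED))` flags the `curl` and `python3` connections and leaves the `sshd` one alone.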
Feature Roadmap: 📅
- Automated IP reputation analysis using Machine Learning algorithms
- Support for IPv6 and non-standard DNS ports for improved coverage and detection
- Integration with popular SIEM systems for centralized monitoring and alerting
- JSON output for easy integration with a UI dashboard
- Detection of DNS packets on non-standard ports
Install & Use
Copyright (c) 2023 Sagar Bhure