Experimental eBPF Firewall in Rust with Heuristic Risk Scoring
What it currently does

- Rust + eBPF (XDP) packet inspection
- Per-IP risk scoring (0–1000)
- Detects:
  - Port scans: SYN/FIN/NULL/XMAS
  - TTL variance (possible spoofing)
  - Burst traffic patterns (DoS-like)
  - ICMP misuse and oversized payloads
  - Malformed packets
- Bloom filter blocklist (up to 400k entries)
- LRU map tracking port access timing
- Auto-blocking on critical risk
- Tarpit behavior on high-risk IPs
Why I built it

I wanted to learn:

- Rust in kernel-level constraints
- How XDP works internally
- Practical heuristics for lightweight threat detection
- Efficient state tracking inside eBPF maps
What it is NOT

- Not production-ready
- Not a malware scanner
- Not a Suricata/Snort alternative
Looking for feedback

Particularly interested in:

- Map design improvements
- Heuristic tuning
- Performance considerations
- Ideas to avoid false positives
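The "What it currently does" list names the heuristics (stealth-scan flag patterns, many distinct ports per source, TTL variance, bursts) and the two escalation outcomes (tarpit, auto-block). The following is an added example, not the project's code or anything from the post: a user-space Rust model of that per-IP scoring so the point values and thresholds can be unit-tested before being ported into eBPF map state. The type names (`Packet`, `RiskEngine`, `Verdict`), the point values per heuristic, the one-second window, and the tarpit/block thresholds of 600 and 900 on the post's 0–1000 scale are all my assumptions; the page does not give the project's real values.

```rust
// Added example (not the project's code): a user-space model of per-IP heuristic
// risk scoring of the kind the post describes. Everything here runs on ordinary
// Rust collections; an XDP program would keep the same state in eBPF maps.
use std::collections::HashMap;
use std::net::Ipv4Addr;

// TCP flag bits as they appear in the TCP header flags byte.
const FIN: u8 = 0x01;
const SYN: u8 = 0x02;
const PSH: u8 = 0x08;
const ACK: u8 = 0x10;
const URG: u8 = 0x20;

// Assumed thresholds on the post's 0-1000 scale (the real project's values are not on the page).
const TARPIT_THRESHOLD: u32 = 600;
const BLOCK_THRESHOLD: u32 = 900;
const MAX_RISK: u32 = 1000;
const WINDOW_NS: u64 = 1_000_000_000; // one-second sliding window for scan and burst detection
const SCAN_PORT_LIMIT: usize = 8;     // distinct SYN'd ports per window before traffic counts as a scan
const BURST_PKT_LIMIT: usize = 50;    // packets per window before traffic counts as a burst

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Verdict { Pass, Tarpit, Drop }

// Constructed packet summary: only the fields the heuristics look at.
#[derive(Debug, Clone, Copy)]
pub struct Packet { pub src: Ipv4Addr, pub ttl: u8, pub dst_port: u16, pub tcp_flags: u8, pub ts_ns: u64 }

#[derive(Default)]
struct IpState {
    risk: u32,
    last_ttl: Option<u8>,
    port_hits: Vec<(u16, u64)>, // (port, first-seen timestamp): mirrors an LRU map of port access timing
    pkt_times: Vec<u64>,        // recent packet timestamps for burst detection
}

#[derive(Default)]
pub struct RiskEngine { by_ip: HashMap<Ipv4Addr, IpState> }

// Flag combinations a normal TCP stack never sends as an opening packet: NULL, XMAS and FIN-only probes.
pub fn is_stealth_scan_flags(flags: u8) -> bool {
    flags == 0 || flags == (FIN | PSH | URG) || flags == FIN
}

impl RiskEngine {
    // Score one packet (timestamps must be non-decreasing per source) and return the verdict for it.
    pub fn observe(&mut self, p: Packet) -> Verdict {
        let st = self.by_ip.entry(p.src).or_default();
        let mut add = 0u32;

        // Heuristic 1: stealth scan flag patterns.
        if is_stealth_scan_flags(p.tcp_flags) { add += 150; }

        // Heuristic 2: SYN probes touching many distinct ports inside the window.
        st.port_hits.retain(|&(_, t)| t + WINDOW_NS > p.ts_ns);
        if p.tcp_flags == SYN {
            if !st.port_hits.iter().any(|&(port, _)| port == p.dst_port) {
                st.port_hits.push((p.dst_port, p.ts_ns));
            }
            if st.port_hits.len() > SCAN_PORT_LIMIT { add += 100; }
        }

        // Heuristic 3: TTL jumping between packets from the same source (possible spoofing).
        if let Some(prev) = st.last_ttl {
            if (prev as i16 - p.ttl as i16).abs() > 10 { add += 50; }
        }
        st.last_ttl = Some(p.ttl);

        // Heuristic 4: burst of packets inside the window (DoS-like).
        st.pkt_times.retain(|&t| t + WINDOW_NS > p.ts_ns);
        st.pkt_times.push(p.ts_ns);
        if st.pkt_times.len() > BURST_PKT_LIMIT { add += 20; }

        st.risk = (st.risk + add).min(MAX_RISK);
        match st.risk {
            r if r >= BLOCK_THRESHOLD => Verdict::Drop,
            r if r >= TARPIT_THRESHOLD => Verdict::Tarpit,
            _ => Verdict::Pass,
        }
    }

    pub fn risk_of(&self, ip: Ipv4Addr) -> u32 { self.by_ip.get(&ip).map_or(0, |s| s.risk) }
}

fn main() {
    let mut engine = RiskEngine::default();
    let scanner = Ipv4Addr::new(10, 0, 0, 5); // constructed sample source
    for port in 1..=20u16 {
        let v = engine.observe(Packet { src: scanner, ttl: 64, dst_port: port, tcp_flags: SYN, ts_ns: port as u64 * 1_000_000 });
        println!("SYN to port {port}: risk={} verdict={:?}", engine.risk_of(scanner), v);
    }
    let benign = Ipv4Addr::new(10, 0, 0, 7); // constructed sample source
    let v = engine.observe(Packet { src: benign, ttl: 64, dst_port: 443, tcp_flags: ACK | PSH, ts_ns: 1 });
    println!("benign ACK|PSH: risk={} verdict={:?}", engine.risk_of(benign), v);
}
```

The model has no score decay, so a source that once tripped a heuristic stays scored forever; adding a time-based decay (or an LRU map whose eviction doubles as forgetting) is the first lever for the false-positive question raised in the post, and the per-heuristic point values are the second.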