I'm working on a project where I'm planning to implement custom read receipts at the IPv4/TCP layer by modifying the BSD networking stack.
My goal is to detect if someone is harvesting data from my server by tracking whether packets are being properly received and acknowledged.
What I've Done So Far:
I’ve researched how to add custom headers to IPv4/TCP packets and modify the BSD source code to implement this functionality.
The read receipts will be embedded in the packet headers to confirm that a packet has been received and presumably processed by the intended recipient.
What I Need to Understand:
Detection Capabilities:
Can this method of using custom-read receipts help in detecting if someone is harvesting data from my server? For instance, would it be able to identify unauthorized data interception or forwarding by a malicious actor?
Limitations and Workarounds:
Are there specific limitations to this approach, and what additional measures (e.g., encryption, intrusion detection) should I consider to complement this technique?
Real-World Effectiveness:
Has anyone successfully used a similar approach in a real-world scenario, and what were the outcomes?
Why I'm Concerned:
I’m aware that this method might only confirm that packets reach their destination, but I’m unsure if it can detect more sophisticated data harvesting techniques, especially at the application layer or through man-in-the-middle attacks.
Any insights, alternative approaches, or examples would be greatly appreciated!
My goal is to detect if someone is harvesting data from my server by tracking whether packets are being properly received and acknowledged.
What I've Done So Far:
I’ve researched how to add custom headers to IPv4/TCP packets and modify the BSD source code to implement this functionality.
The read receipts will be embedded in the packet headers to confirm that a packet has been received and presumably processed by the intended recipient.
What I Need to Understand:
Detection Capabilities:
Can this method of using custom-read receipts help in detecting if someone is harvesting data from my server? For instance, would it be able to identify unauthorized data interception or forwarding by a malicious actor?
Limitations and Workarounds:
Are there specific limitations to this approach, and what additional measures (e.g., encryption, intrusion detection) should I consider to complement this technique?
Real-World Effectiveness:
Has anyone successfully used a similar approach in a real-world scenario, and what were the outcomes?
Why I'm Concerned:
I’m aware that this method might only confirm that packets reach their destination, but I’m unsure if it can detect more sophisticated data harvesting techniques, especially at the application layer or through man-in-the-middle attacks.
Any insights, alternative approaches, or examples would be greatly appreciated!
