Hide UDP port better

Open hack3ric opened this issue 4 months ago • 0 comments

Mimic now doesn't filter out incoming UDP packets if the tuple is in the whitelist, but instead directly passes them to the next step. To align the behaviour when probed with an unopened port, Mimic could do either of the following in XDP:

  1. Drop the UDP packets and only expect TCP
  2. Return ICMP Port Unreachable (default behaviour of Linux)

For outbound packets, since Mimic operates without the interference of Linux firewall rules, there are no perfect options (other than setting up another firewall in Mimic's traffic path), but service dependency at startup can at least ensure no UDP packets leak at startup. This could only be done at the documentation level, though.

Todos

  • [ ] Add new option for incoming UDP packet handling
    • [ ] Implement dropping
    • [ ] Implement ICMP returning
  • [ ] Document systemd (and others if available) service dependency in common use cases to prevent UDP leaking at startup

hack3ric, Nov 12 '25 11:11
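Option 2 in the issue above means answering a probe with the same kind of ICMP error a closed port would produce. The following is an added illustration in plain userspace C, not code from Mimic and not an XDP program: it builds the minimal RFC 792 form of an IPv4 Port Unreachable reply for an inbound UDP packet and applies the RFC 1122 rules on when no ICMP error may be sent. The names `build_port_unreach`, `inet_csum` and `SAMPLE_UDP` and the TTL of 64 are assumptions; Linux itself may quote more of the original packet than the 8 bytes used here.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed sample: IPv4/UDP 192.0.2.10:12345 -> 198.51.100.5:51820, payload "ping". */
const uint8_t SAMPLE_UDP[32] = {
    0x45,0,0,32, 0,1,0,0, 64,17,0,0, 192,0,2,10, 198,51,100,5,
    0x30,0x39,0xca,0x6c, 0,12,0,0, 'p','i','n','g' };

/* RFC 1071 Internet checksum; returns 0 when run over data holding a valid checksum. */
uint16_t inet_csum(const uint8_t *p, size_t len) {
    uint32_t sum = 0;
    for (; len > 1; p += 2, len -= 2) sum += ((uint32_t)p[0] << 8) | p[1];
    if (len) sum += (uint32_t)p[0] << 8;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Hypothetical helper: writes the reply into out and returns its length,
   or 0 when no ICMP error may be sent for this packet. */
size_t build_port_unreach(const uint8_t *in, size_t in_len, uint8_t *out, size_t cap) {
    if (in_len < 20 || (in[0] >> 4) != 4) return 0;
    size_t ihl = (size_t)(in[0] & 0x0f) * 4;
    if (ihl < 20 || in_len < ihl + 8 || in[9] != 17) return 0; /* full UDP header needed */
    if (((in[6] << 8) | in[7]) & 0x1fff) return 0;  /* RFC 1122: not for non-first fragments */
    if (in[16] >= 224) return 0;         /* nor for multicast/limited-broadcast destinations */
    size_t quote = ihl + 8;              /* RFC 792: original IP header + first 8 data bytes */
    size_t total = 20 + 8 + quote;
    if (cap < total) return 0;
    memset(out, 0, 28);
    out[0] = 0x45;                                   /* IPv4, 20-byte header */
    out[2] = (uint8_t)(total >> 8); out[3] = (uint8_t)total;
    out[8] = 64; out[9] = 1;                         /* TTL (assumed), protocol = ICMP */
    memcpy(out + 12, in + 16, 4);                    /* source = probed address */
    memcpy(out + 16, in + 12, 4);                    /* destination = prober */
    uint16_t c = inet_csum(out, 20);
    out[10] = (uint8_t)(c >> 8); out[11] = (uint8_t)c;
    out[20] = 3; out[21] = 3;            /* Destination Unreachable / Port Unreachable */
    memcpy(out + 28, in, quote);                     /* quoted original header + UDP header */
    c = inet_csum(out + 20, 8 + quote);
    out[22] = (uint8_t)(c >> 8); out[23] = (uint8_t)c;
    return total;
}
```

The quoted original header is what lets the prober match the error to its packet, so a reply that omits or alters it would still look different from a normal closed port.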