On macOS, it requires access to /dev/bpf. That's why we added filter rules for bpf there.
On Linux, we intercept at a level where packets already have an Ethernet header. I hope that Paqet injects before* this layer, but only a test can give the proof.
Thanks for the response. Sorry I should of been less vague. Paqet works on raw sockets with KCP. Though it'd intended for good. What's to assume bad actors aren't also using this method to get around solutions like littlesnitch?
A recent example, but not the only is a Iran botnet using this to get around detection.
On macOS, it requires access to /dev/bpf. That's why we added filter rules for bpf there.
On Linux, we intercept at a level where packets already have an Ethernet header. I hope that Paqet injects before* this layer, but only a test can give the proof.
Thanks for the response. Sorry I should of been less vague. Paqet works on raw sockets with KCP. Though it'd intended for good. What's to assume bad actors aren't also using this method to get around solutions like littlesnitch?
A recent example, but not the only is a Iran botnet using this to get around detection.
https://cybersecuritynews.com/iran-linked-botnet-exposed-aft...