TapeTrack Documentation

Because there is more to tape management than you ever realized

User Tools

Site Tools

Trace: volume_attributes_dynamic onetimepassword upgrading test_netconnection diagnosing_connection_problems ebpf_configuration upgrade_server attribute_list_values security_linux browser_connection
technote:security_linux

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
technote:security_linux [2025/10/03 02:36] – [Protocol Overview] Scott Cunliffetechnote:security_linux [2025/10/03 03:00] (current) – [TapeTrack Server: Anti-Throttle and Anti-Hacking Measures] Scott Cunliffe
Line 1: Line 1:
-====== TapeTrack Server: Anti-Throttle and Anti-Hacking Measures ======+====== Server: Anti-Throttle and Anti-Hacking ======
  
 ===== Protocol Overview ===== ===== Protocol Overview =====
Line 13: Line 13:
 TapeTrack implements a lightweight defense mechanism to reduce impact from non-compliant clients: TapeTrack implements a lightweight defense mechanism to reduce impact from non-compliant clients:
  
-  **Connection Acceptance**: If not blocked by a firewall, TapeTrack accepts incoming connections. +  **Connection Acceptance**: If not blocked by a firewall, TapeTrack accepts incoming connections. 
-  **Time-Out Table Check**: If the source IP is in the time-out table and the time-out period is still active, the connection is **immediately dropped**+  **Time-Out Table Check**: If the source IP is in the time-out table and the time-out period is still active, the connection is immediately dropped. 
-  **Protocol Validation**: If the connection is accepted but the client sends a packet that **does not match the TapeTrack protocol**, the IP is added to the time-out table and dropped.+  **Protocol Validation**: If the connection is accepted but the client sends a packet that does not match the TapeTrack protocol, the IP is added to the time-out table and dropped.
  
-**Summary**: Once an IP address (or gateway) sends a non-TapeTrack packet, all future connections from that IP during the time-out period will be accepted but **terminated immediately**.+Once an IP address (or gateway) sends a non-TapeTrack packet, all future connections from that IP during the time-out period will be accepted but terminated immediately.
  
 ===== Advanced Linux Integration: eBPF Support ===== ===== Advanced Linux Integration: eBPF Support =====
-On Linux systems, TapeTrack can integrate with **eBPF** for kernel-level IP blocking.+On Linux systems, TapeTrack can integrate with eBPF for kernel-level IP blocking.
  
 To enable this: To enable this:
   * Start the server with the `-B` argument and a pointer to a preloaded eBPF table.   * Start the server with the `-B` argument and a pointer to a preloaded eBPF table.
-  * TapeTrack will dynamically **add/remove IPs** from the table during the time-out period. +  * TapeTrack will dynamically add/remove IPs from the table during the time-out period. 
-  * If enabled, connections from banned IPs will be **blocked at the kernel level**, preventing any interaction with the TapeTrack Server.+  * If enabled, connections from banned IPs will be blocked at the kernel level, preventing any interaction with the TapeTrack Server.
  
 ===== Further Reading ===== ===== Further Reading =====
-For setup instructions and eBPF integration steps, refer to the [[technote:ebpf_configuration|eBPF Configuration Tech Note]].+For setup instructions and eBPF integration steps, refer to the [[technote:ebpf_configuration|eBPF Configuration Technote]].
  
-{{tag>tapetrack security firewall ebpf linux}}+{{tag> server technote security firewall ebpf linux}}
  
technote/security_linux.1759458993.txt.gz · Last modified: 2025/10/03 02:36 by Scott Cunliffe