Forem: weilong

Stress Test My Digital Fortress: An eBPF + Shannon Entropy Guard (Open Sourced)

weilong — Fri, 06 Mar 2026 05:31:15 +0000

I’ve built a "Digital Guillotine" in the Linux kernel, and I want you to help me break it.
I have combined eBPF (XDP) with multidimensional Shannon Entropy analysis to create Realm 2.5—a security application that doesn't just block IPs; it judges the "chaos" of the traffic itself.
🛠️ The Architecture: Intelligence at the Edge
Unlike traditional firewalls, Realm operates at the XDP (Express Data Path) layer. It evaluates every payload before it even touches the socket buffer.
Entropy Auditing: It calculates the randomness (H) of incoming data. If your payload is too "chaotic" (obfuscated or encrypted attack strings), the kernel executes an instant ban.
L3 Honeypots: I’ve integrated traps on ports 2375, 2222, and 6379. One wrong move, and you are marked in the eBPF map.
👁️ The Tactical Command Center (Live)
You can visit the dashboard as a "Normal User" right now. You will see the Total Threat Archive—a real-time list of IPs that have already been "beheaded" by the system.
🌐 Live Dashboard: http://35.212.157.202/
🛠️ GitHub Repository: xingkong0508/realm
⚔️ The Challenge: Give Me Pressure
If you attempt to breach my "Realm," your IP will be added to the Blacklist immediately.
The Sentence: Bans are enforced at the kernel level.
The Mercy: I’ve set an auto-unban timer of 10 minutes. After 600 seconds, the eBPF map will clear your entry, and you can try again.
I am asking for your help. Give my server some pressure. Let’s see if my entropy logic holds up against professional-grade obfuscation.
🚀 The Future: Lowering the Shield for All
This project is already Open Source. However, I plan to lower the "entry bar" for this framework soon. I want to refine the code so that any developer—not just kernel experts—can deploy these advanced shields with a single command.
Let’s complete this masterpiece together. Do your worst, and let the logs tell the story.

Your Obfuscation is Just Math to Me: An eBPF Guillotine in the Linux Kernel

weilong — Fri, 06 Mar 2026 05:18:03 +0000

Your Obfuscation is Just Math to Me: An eBPF Guillotine in the Linux Kernel

The Era of Signature-Based Defense is Dead.

Stop relying on outdated blacklists. I built Realm 2.5, an eBPF-powered fortress that doesn't care about your "clever" payloads.

🛡️ The Mechanism: Mathematical Sentencing

Most firewalls wait for the CPU to process the packet. Realm acts at the XDP (Express Data Path) layer, the absolute frontline of the Linux kernel. Before your packet even breathes the air of the userspace, it meets the Entropy Judge.

I calculate the Shannon Entropy (H) of every single payload in real-time using the formula:
H = -Σ P(x_i) log2 P(x_i)

If your chaos exceeds 4.2, my kernel probe assumes you are hiding something—obfuscation, shellcode, or randomized junk. The verdict? Instant Decapitation. Your IP is dropped by the XDP driver before it can even finish the handshake.

🕸️ The Labyrinths (Honeypots)

I have left "doors" open for the greedy. If you touch my 2375 (Docker), 2222 (SSH), or 6379 (Redis) ports, you aren't just logged—you are marked. The eBPF maps will remember your "sin" and silence you across the entire network.

👁️ The Execution Archive

My dashboard isn't a UI; it's a graveyard. Every failed attempt, every "clever" script, is archived here for the world to see in a high-contrast Cyberpunk aesthetic.

⚔️ The Ultimatum

I’ve deployed this on a GCP instance. I know there are wizards out there who think they can bypass the laws of entropy.

Live Target: http://35.212.157.202/
Source: https://github.com/xingkong0508/realm

I am ready for this Realm to fall. I have analyzed every line of my Go and C code, and I am prepared for the inevitable breach.

But until you prove me wrong, I remain the master of this kernel space. Fearless. Unyielding.

Do your worst. I’m waiting in the logs.

I built an eBPF-powered "Judge" that executes packets based on Shannon Entropy. Break my Realm.

weilong — Thu, 05 Mar 2026 18:04:44 +0000

The Core Philosophy: Beyond Signatures
Most firewalls are librarians; they check books against a list of banned titles. I wanted a Judge. I built Realm 2.5, an active defense engine that runs in the kernel and judges the "chaos" of incoming payloads.
The Tech Stack
L3 Execution via XDP: By leveraging eBPF (XDP), Realm processes and drops malicious packets at the network driver level. It doesn't wait for the Linux stack to wake up; it acts on arrival.
The Entropy Sentencing: I use Shannon Entropy to analyze the randomness of every payload. If the entropy H exceeds 4.2, the payload is deemed "maliciously obfuscated," and the source IP is instantly beheaded (banned) in the eBPF maps.
Honeypot Labyrinths: I've left active baits on ports 2375 (Docker), 2222 (SSH), and 6379 (Redis). One touch, and you're out.
The Cyberpunk Dashboard
The backend isn't just a log; it's an archive of failed attempts. You can see the live "executions" on my dashboard, designed with a heavy cyberpunk aesthetic to remind attackers of the digital wall they just hit.
The Challenge
I am a student of the kernel, and I know that no wall is infinite. I've deployed this on a GCP instance. I invite you—the wizards and the curious—to test its limits. Can you bypass the entropy filter?
🌐 Live Target: http://35.212.157.202/
🛠️ Source Code: xingkong0508/realm
A Final Word
I am fully prepared for the moment this fortress is breached. In the world of security, perfection is an illusion. But until that moment of total compromise arrives, I remain fearless. If you break it, I will learn, I will adapt, and I will be back with something stronger. Do your worst.