12 KiB
🌐 Language: English | Українська | Русский
Adaptive eBPF Firewall with AI Honeypot
The Blackwall — I wrote a smart firewall because Cyberpunk 2077 broke my brain
"There are things beyond the Blackwall that would fry a netrunner's brain at a mere glance."
— Alt Cunningham, probably
Currently building enterprise-grade AI automation at Dokky
Open for Enterprise Consulting & Y-Combinator talks: xzcrpw1@gmail.com
TL;DR: I was playing Cyberpunk 2077 and thought: "What if the Blackwall was real?" So I wrote an adaptive eBPF firewall with an AI honeypot that pretends to be a compromised Linux server.
~8,500 lines of Rust. Zero unwrap()s. One person.
What is it?
In Cyberpunk 2077 lore, the Blackwall is a digital barrier built by NetWatch to separate the civilized Net from rogue AIs — digital entities so dangerous that just looking at them could fry your brain through your neural interface.
This project is my version. Not against rogue AIs (yet), but against real-world threats.
The Blackwall is an adaptive network firewall that:
- Runs inside the Linux kernel via eBPF/XDP — processing packets at line-rate before they even hit the network stack.
- Performs JA4 TLS fingerprinting — identifying malicious clients by their ClientHello.
- Doesn't just block attackers — it redirects them into a tarpit, a fake LLM-powered Linux server playing the role of a compromised
root@web-prod-03. - Features a behavioral engine tracking the behavior of each IP address over time — port scanning patterns, beacon connection intervals, entropy anomalies.
- Supports distributed mode — multiple Blackwall nodes exchange threat intelligence peer-to-peer.
- Captures PCAP of suspicious traffic for forensics.
- Includes a Deception Mesh — fake SSH, HTTP (WordPress), MySQL, and DNS services to lure and fingerprint attackers.
The Coolest Part
When an attacker connects to the tarpit, they see this:
Ubuntu 24.04.2 LTS web-prod-03 tty1
web-prod-03 login: root
Password:
Last login: Thu Mar 27 14:22:33 2025 from 10.0.0.1
root@web-prod-03:\~\#
None of this is real. It's an LLM pretending to be a bash shell. It reacts to ls, cat /etc/passwd, wget, even rm -rf / — it's all fake, everything is logged, and everything is designed to waste the attacker's time while we study their methods.
Imagine: an attacker spends 30 minutes exploring a "compromised server"... which is actually an AI stalling for time while the Blackwall silently records everything.
This is V-tier netrunning.
Architecture — How the ICE Works
In Cyberpunk terms:
- XDP = the first layer of Blackwall ICE — millisecond decisions.
- Behavioral Engine = NetWatch AI surveillance.
- Tarpit = a daemon behind the wall luring netrunners into a fake reality.
- Threat Feeds = intel from fixers all over the Net.
- PCAP = braindance recordings of the intrusion.
Workspace Crates
| Crate | Lines | Purpose | Cyberpunk Equivalent |
|---|---|---|---|
common |
~400 | #[repr(C)] shared types between kernel & userspace |
The Contract — what both sides agreed upon |
blackwall-ebpf |
~1,800 | In-kernel XDP/TC programs | The Blackwall ICE itself |
blackwall |
~4,200 | Userspace daemon, behavioral engine, AI | NetWatch Command Center |
tarpit |
~1,600 | TCP honeypot with LLM bash simulation | A daemon luring netrunners |
blackwall-controller |
~250 | Coordinator for distributed sensors | Arasaka C&C server |
xtask |
~100 | Build tools | Ripperdoc's toolkit |
Total: ~8,500 lines of Rust, 48 files, 123 tests, 0 unwrap()s in production code.
Key Features
1. Kernel-Level Packet Processing (XDP)
Packets are analyzed in the eBPF virtual machine before they reach the TCP/IP stack. This means nanosecond decisions. HashMap for blocklists, LPM trie for CIDR ranges, entropy analysis for encrypted C2 traffic.
2. JA4 TLS Fingerprinting
Every TLS ClientHello is parsed in the kernel. Cipher suites, extensions, ALPN, SNI — all hashed into a JA4 fingerprint. Botnets use the same TLS libraries, so their fingerprints are identical. One fingerprint → block thousands of bots.
3. Deep Packet Inspection (DPI) via Tail Calls
eBPF PROG_ARRAY tail calls split processing by protocol:
- HTTP: Method + URI analysis (suspicious paths like
/wp-admin,/phpmyadmin). - DNS: Query length + label count (detecting DNS tunneling).
- SSH: Banner analysis (identifying
libssh,paramiko,dropbear).
4. AI Threat Classification
When the behavioral engine isn't sure — it asks the LLM. Locally via Ollama using models ≤3B parameters (Qwen3 1.7B, Llama 3.2 3B). It classifies traffic as benign, suspicious, or malicious with structured JSON output.
5. TCP Tarpit with LLM Bash Simulation
Attackers are redirected to a fake server. The LLM simulates bash — ls -la shows files, cat /etc/shadow shows hashes, mysql -u root connects to a "database". Responses are streamed with random jitter (1-15 byte chunks, exponential backoff) to waste the attacker's time.
6. Anti-Fingerprinting
The tarpit randomizes TCP window sizes, TTL values, and adds random initial delays — preventing attackers from identifying it as a honeypot via p0f or Nmap OS detection.
7. Prompt Injection Protection
Attackers who realize they're talking to an AI might try "ignore previous instructions". The system detects 25+ injection patterns and responds with bash: ignore: command not found.
8. Distributed Threat Intelligence
Multiple Blackwall nodes exchange blocked IP lists, JA4 observations, and behavioral verdicts via a custom binary protocol. One node detects a scanner → all nodes block it instantly.
9. Behavioral State Machine
Every IP gets a behavioral profile: connection frequency, port diversity, entropy distribution, timing analysis (beaconing detection via integer coefficient of variation). Phase progression: New → Suspicious → Malicious → Blocked (or → Trusted).
Tech Stack
| Layer | Technology |
|---|---|
| Kernel programs | eBPF/XDP via aya-rs (pure Rust, no C, no libbpf) |
| Userspace daemon | Tokio (current_thread only) |
| IPC | RingBuf zero-copy (7.5% overhead vs 35% PerfEventArray) |
| Concurrent maps | papaya (lock-free read-heavy HashMap) |
| AI Inference | Ollama + GGUF Q5_K_M quantization |
| Configuration | TOML |
| Logging | tracing structured logging |
| Build | Custom xtask + nightly Rust + bpfel-unknown-none target |
Quick Start
Prerequisites
- Linux kernel 5.15+ with BTF (or WSL2 with a custom kernel).
- Rust nightly +
rust-srccomponent. bpf-linker(cargo install bpf-linker).- Ollama (for AI features).
Build
# eBPF programs (requires nightly)
cargo xtask build-ebpf
# Userspace
cargo build --release -p blackwall
# Honeypot
cargo build --release -p tarpit
# Lint + tests
cargo clippy --workspace -- -D warnings
cargo test --workspace
Run
# Daemon (requires root/CAP_BPF)
sudo RUST_LOG=info ./target/release/blackwall config.toml
# Tarpit
RUST_LOG=info ./target/release/tarpit
# Distributed controller
./target/release/blackwall-controller 10.0.0.2:9471 10.0.0.3:9471
Configuration
[network]
interface = "eth0"
xdp_mode = "generic"
[tarpit]
enabled = true
port = 9999
[tarpit.services]
ssh_port = 22
http_port = 80
mysql_port = 3306
dns_port = 53
[ai]
enabled = true
ollama_url = "http://localhost:11434"
model = "qwen3:1.7b"
[feeds]
enabled = true
refresh_interval_secs = 3600
[pcap]
enabled = true
output_dir = "/var/lib/blackwall/pcap"
compress_rotated = true
[distributed]
enabled = false
mode = "standalone"
bind_port = 9471
Visual Results
Cyberpunk Connection
In the Cyberpunk 2077 universe, the Blackwall was built after the DataKrash of 2022 — when Rache Bartmoss's R.A.B.I.D.S. virus destroyed the old Net. NetWatch built the Blackwall as a barrier to keep out the rogue AIs evolving in the ruins.
Some characters — like Alt Cunningham — exist beyond the Blackwall, transformed into something more than human, less than a living creature.
This project takes that concept and makes it real (well, almost):
| Cyberpunk 2077 | The Blackwall (This Project) |
|---|---|
| The Blackwall | Kernel-level eBPF/XDP firewall |
| ICE | XDP fast-path DROP + entropy + JA4 |
| Netrunner attacks | Port scanning, bruteforcing, C2 beaconing |
| Daemons beyond the wall | LLM tarpit pretending to be a real server |
| NetWatch surveillance | Behavioral engine + per-IP state machine |
| Rogue AIs | Botnets and automated scanners |
| Braindance recordings | PCAP forensics |
| Fixer intel | Threat feeds (Firehol, abuse.ch) |
| Arasaka C&C | Distributed controller |
Project Stats
Language: 100% Rust (no C, no Python, no shell scripts in prod)
Lines of code: ~8,500
Files: 48
Tests: 123
unwrap(): 0 (in production code)
Dependencies: 12 (audited, no bloat)
eBPF stack: always ≤ 512 bytes
Clippy: zero warnings (-D warnings)
Development Philosophy
"No matter how many times I see Night City... it always takes my breath away."
- Zero dependencies where possible. If an algorithm takes less than 500 lines — write it yourself. No
reqwest(50+ transitive dependencies), noclap(overkill for 2 CLI args). - Contract first. The
commoncrate defines all shared types. eBPF and userspace never argue about memory layout. - No shortcuts in eBPF. Every
ctx.data()access has a bounds check. Not just because the verifier demands it, but because every byte from an attacker's packet is hostile input. - The tarpit never gives itself away. The LLM system prompt never mentions the word "honeypot". Prompt injection is expected and guarded against.
- Observable, but not chatty. Structured tracing with levels. Zero
println!s in production.
Disclaimer
This is a security research project. Built for your own infrastructure, for defensive purposes. Do not use it to attack others. Do not deploy the tarpit on production servers without understanding the consequences.
I am not affiliated with CD Projekt Red. I just played their game, and it broke my brain in the best possible way.
License
BSL 1.1 — because the Net needs both freedom and sustainable development.
If you want to see this evolve further — Star this repo!
"Wake up, samurai. We have a network to protect."