LOW
The severity is rated LOW because this project does not involve a specific vulnerability; rather, it highlights the risks inherent in manual packet parsing and low-level network programming. Real-world exploitability in homelab environments could be higher because the code is untested, whereas production systems are likely better protected by mature IDS/IPS solutions.

The project described is a Network Intrusion Detection Engine (NDE) built from scratch in Zig version 0.15.2, with low-level networking and manual packet parsing. The NDE aims to detect common attack patterns such as TCP SYN floods, ICMP floods, TCP/UDP port scans, Ping of Death attacks, and payload-based attacks like SQL injection, XSS, and command injection. While the project is notable for using Zig to gain direct system-level access and manipulate packets, it also raises security concerns: network packets are parsed and handled by hand rather than through established, well-tested libraries or frameworks, so every length and offset check is the author's own responsibility.

Affected Systems
  • Zig version 0.15.2
Affected Versions: Specifically Zig version 0.15.2
Remediation
  • Review and update the manual parsing logic with a security-focused approach to ensure all edge cases are handled.
  • Integrate established libraries for handling network packets instead of relying solely on manual parsing techniques.
  • Implement logging and monitoring mechanisms to track unusual packet activities that could indicate an attack.
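The first remediation item (handle every edge case in the parsing logic) is the one a reviewer would want to see demonstrated concretely. The block below is an added example written for this report, not code from the NDE project, and it is in C rather than Zig because no project code appears on the page; it shows the style of bounds-checked IPv4/TCP header parsing the remediation calls for, plus the bare-SYN test that a SYN-flood counter would feed on. The packet bytes, the `parsed_packet` struct and the return codes are all constructed for this example and are not the project's own identifiers.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed view of the fields a SYN-flood or port-scan detector needs. */
typedef struct {
    uint8_t  ihl_bytes;   /* IPv4 header length in bytes (20..60) */
    uint8_t  protocol;    /* 6 = TCP */
    uint16_t total_len;   /* IPv4 total length as claimed by the header */
    uint16_t src_port;
    uint16_t dst_port;
    uint8_t  tcp_flags;   /* raw TCP flag byte */
} parsed_packet;

enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_BAD_HEADER = -2, PARSE_NOT_TCP = -3 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Parse an IPv4+TCP header out of a captured buffer. Every header-derived
 * length (IHL, total length, TCP data offset) is checked against what was
 * actually captured before any byte past it is read; a malformed or
 * truncated packet is rejected instead of being read out of bounds. */
int parse_ipv4_tcp(const uint8_t *buf, size_t len, parsed_packet *out) {
    if (len < 20) return PARSE_TRUNCATED;                 /* no full fixed IPv4 header */
    if ((buf[0] >> 4) != 4) return PARSE_BAD_HEADER;      /* not IPv4 */
    size_t ihl = (size_t)(buf[0] & 0x0F) * 4;
    if (ihl < 20) return PARSE_BAD_HEADER;                /* IHL below the legal minimum */
    if (ihl > len) return PARSE_TRUNCATED;                /* options claimed but not captured */
    uint16_t total_len = rd16(buf + 2);
    if (total_len < ihl) return PARSE_BAD_HEADER;         /* total length shorter than header */
    if (total_len > len) return PARSE_TRUNCATED;          /* header claims more than we hold */
    out->ihl_bytes = (uint8_t)ihl;
    out->protocol  = buf[9];
    out->total_len = total_len;
    if (out->protocol != 6) return PARSE_NOT_TCP;
    if (total_len - ihl < 20) return PARSE_TRUNCATED;     /* TCP fixed header not present */
    const uint8_t *tcp = buf + ihl;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;
    if (doff < 20) return PARSE_BAD_HEADER;
    if (doff > total_len - ihl) return PARSE_TRUNCATED;   /* TCP options run past payload */
    out->src_port  = rd16(tcp);
    out->dst_port  = rd16(tcp + 2);
    out->tcp_flags = tcp[13];
    return PARSE_OK;
}

/* SYN set, ACK clear: the opening packet of a handshake. A high rate of these
 * from one source with no completed handshakes is the SYN-flood signal. */
int is_bare_syn(const parsed_packet *p) { return (p->tcp_flags & 0x12) == 0x02; }

/* Constructed sample: 20-byte IPv4 header (10.0.0.1 -> 10.0.0.2, proto TCP,
 * total length 40) followed by a 20-byte TCP SYN from port 49152 to port 80. */
static const uint8_t SAMPLE_SYN[40] = {
    0x45, 0x00, 0x00, 0x28, 0x00, 0x01, 0x00, 0x00, 0x40, 0x06, 0x00, 0x00,
    10, 0, 0, 1,  10, 0, 0, 2,
    0xC0, 0x00, 0x00, 0x50,  0x00, 0x00, 0x00, 0x00,  0x00, 0x00, 0x00, 0x00,
    0x50, 0x02, 0xFF, 0xFF,  0x00, 0x00, 0x00, 0x00
};

/* Well-formed capture: parses, targets port 80, and is a bare SYN. */
int sample_parses_as_syn(void) {
    parsed_packet p;
    if (parse_ipv4_tcp(SAMPLE_SYN, sizeof SAMPLE_SYN, &p) != PARSE_OK) return 0;
    return p.dst_port == 80 && p.src_port == 49152 && is_bare_syn(&p);
}

/* Same bytes, but only 30 were captured: the IPv4 total length (40) now
 * exceeds the buffer, so the parser refuses rather than reading past it. */
int truncated_is_rejected(void) {
    parsed_packet p;
    return parse_ipv4_tcp(SAMPLE_SYN, 30, &p) == PARSE_TRUNCATED;
}

/* IHL forged to 15 words (60 bytes) in a 40-byte buffer: the TCP header
 * would start beyond the buffer, so the parser stops at the length check. */
int oversized_ihl_is_rejected(void) {
    uint8_t forged[40];
    for (size_t i = 0; i < sizeof forged; i++) forged[i] = SAMPLE_SYN[i];
    forged[0] = 0x4F;
    parsed_packet p;
    return parse_ipv4_tcp(forged, sizeof forged, &p) == PARSE_TRUNCATED;
}

int main(void) {
    printf("sample SYN parsed:        %d\n", sample_parses_as_syn());
    printf("truncated rejected:       %d\n", truncated_is_rejected());
    printf("oversized IHL rejected:   %d\n", oversized_ihl_is_rejected());
    return 0;
}
```

The point of the three check functions is that the same detector logic (`is_bare_syn`) is only ever reached through a parser that has already proven the bytes it reads exist; a hand-written Zig parser that trusts IHL, total length or data offset directly is the concern the report's remediation is about.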
Stack Impact

This project may have minimal direct impact on common homelab stacks but serves as a critical learning tool. For those using Zig for security projects, it highlights the importance of thorough testing and the use of reliable libraries.
