Show HN: Poolnarc – catch hidden Linux cryptominers from two eBPF hooks
Category: security
Tags: ebpf, security, cryptojacking-detection, linux, monitoring
Score: 7.3/10 (Innovation: 7, Technical: 7, Documentation: 8, Utility: 7)
Poolnarc is a behavioral cryptominer detector for Linux built on two eBPF hooks: one watches outbound TCP connections for destination ports commonly used by Stratum mining pools, the other flags comm-name mimicry, where a process has renamed itself (via PR_SET_NAME) to pass as a kernel thread or a system daemon. Because it keys on behavior rather than on hashes of known miner binaries, it can flag miners that appear in no malware database. Two caveats a practitioner should expect: a pool listening on a non-standard port (443 is common) defeats the port heuristic on its own, and a renamed process by itself is a weak signal, since many multithreaded programs set thread names legitimately, so the two checks are strongest in combination. The project is particularly relevant to security incident response and fleet monitoring.
Target audience: security engineers, devops, incident responders
Repository: https://github.com/yeet-src/poolnarc · JavaScript · 1 star
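The two signals described above, scored together over constructed sample events, as an added example. This is not Poolnarc's code and does not use its API; the eBPF side (a connect hook yielding pid, comm and destination port) is assumed, the executable path is assumed to be resolved in user space from /proc/<pid>/exe, and the pool-port list, the kernel-thread name prefixes, the weights and the threshold are illustrative assumptions.

```python
"""Added example: combine a pool-port check with comm-name mimicry detection.
Not Poolnarc's code. Events are constructed to stand in for eBPF output."""
import os
from dataclasses import dataclass

# Assumption: destination ports commonly used by Stratum mining pools.
# Illustrative only; a pool on 443 or any other port is not caught by this.
POOL_PORTS = {3333, 3334, 4444, 5555, 7777, 8888, 14444, 14433}

# Assumption: comm prefixes that belong to kernel threads. A kernel thread
# has no /proc/<pid>/exe, so a process that carries such a name AND has an
# executable is impersonating one.
KTHREAD_PREFIXES = ("kworker/", "ksoftirqd/", "kthreadd", "migration/", "rcu_", "kswapd")

TASK_COMM_LEN = 16          # task->comm holds 15 characters plus NUL
ALERT_THRESHOLD = 3         # assumption: tuned so no single signal alerts alone


@dataclass
class ConnEvent:
    pid: int
    comm: str   # task->comm as the eBPF hook would report it
    exe: str    # readlink(/proc/<pid>/exe); "" when there is none (kernel thread)
    daddr: str  # destination address (documentation range, constructed)
    dport: int  # destination TCP port


def comm_mismatch(comm: str, exe: str) -> bool:
    """True when the process name differs from its executable's basename.
    The basename is truncated to 15 chars first, because the kernel does the
    same; without that, every long binary name would look spoofed."""
    if not exe:
        return False  # genuine kernel thread: nothing to compare against
    expected = os.path.basename(exe)[: TASK_COMM_LEN - 1]
    return comm != expected


def mimics_kernel_thread(comm: str, exe: str) -> bool:
    """A kernel-thread-style name on a process that has a backing executable."""
    return bool(exe) and comm.startswith(KTHREAD_PREFIXES)


def score(ev: ConnEvent):
    """Return (score, reasons). Weights are an assumption: kernel-thread mimicry
    is rated above a plain rename, since PR_SET_NAME is common in JVMs,
    browsers and thread pools and would otherwise flood the fleet with noise."""
    total, reasons = 0, []
    if ev.dport in POOL_PORTS:
        total += 2
        reasons.append(f"dport {ev.dport} is a common mining pool port")
    if mimics_kernel_thread(ev.comm, ev.exe):
        total += 3
        reasons.append(f"comm {ev.comm!r} looks like a kernel thread but exe is {ev.exe}")
    elif comm_mismatch(ev.comm, ev.exe):
        total += 1
        reasons.append(f"comm {ev.comm!r} does not match exe {ev.exe}")
    return total, reasons


def detect(events):
    """Return [(pid, score, reasons)] for events at or above the threshold."""
    hits = []
    for ev in events:
        s, reasons = score(ev)
        if s >= ALERT_THRESHOLD:
            hits.append((ev.pid, s, reasons))
    return hits


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    ConnEvent(4242, "kworker/0:1", "/tmp/.x/xmrig", "203.0.113.10", 4444),   # mimicry + pool port
    ConnEvent(1777, "java", "/usr/lib/jvm/bin/java", "203.0.113.20", 443),     # benign
    ConnEvent(1901, "Chrome_IOThread", "/opt/google/chrome/chrome", "203.0.113.30", 443),  # legit rename
    ConnEvent(55, "kworker/1:0", "", "0.0.0.0", 0),                            # real kernel thread
    ConnEvent(3100, "curl", "/usr/bin/curl", "203.0.113.40", 3333),            # pool port alone
    ConnEvent(6001, "sshd", "/var/tmp/.cache/minerd", "203.0.113.50", 14444), # rename + pool port
    ConnEvent(7200, "node_exporter-l", "/usr/local/bin/node_exporter-linux", "203.0.113.60", 443),  # truncation
]

if __name__ == "__main__":
    for pid, s, reasons in detect(SAMPLE_EVENTS):
        print(f"ALERT pid={pid} score={s}: " + "; ".join(reasons))
```

Run as-is, it alerts on pid 4242 and pid 6001 only. The curl process talking to port 3333 and the Chrome thread with a renamed comm each score below the threshold on their own, which is the point of combining the two hooks rather than alerting on either one; lowering the threshold to 2 would flag the curl case at the cost of alerting on any legitimate client of a service that happens to listen on a pool-style port.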