PROTOCOL-AWARE SECURITY FOR VALIDATORS

Next-Gen Security for Decentralized Networks. Scanning Is Dead. Enforcement Wins.

NullRabbit combines external discovery with kernel-level in-path defence - stopping reconnaissance, SYN floods, and consensus-impacting traffic before the node ever sees it.

Sentinel - Continuous external discovery
Guard - Kernel-level consensus protection

Why NullRabbit Exists

Our research shows many validators are exposed without operators realising: public RPC ports, ghost ports, stray services, load-balancer bypasses, configuration drift, unpatched CVEs, even web servers running on validator hosts.

Cloudflare protects connectivity, but it doesn't understand or enforce validator protocols.

A breached validator is catastrophic for the operator, but the network continues. When many validators share the same external weakness, we have a billion-dollar liability at the gates. Our analysis shows these exposures are widespread.

NullRabbit is the missing security layer for decentralized infrastructure.

In our initial scans of 300+ validators across multiple networks, ≈40% showed critical exposures.

Sentinel & Guard - One System That Fixes Validator Exposure

NullRabbit closes the gap between what's exposed and what gets blocked. Sentinel shows the real attack surface. Guard enforces safety directly at the NIC. Together they protect your infrastructure.

Sentinel - External discovery

  • Finds real, reachable RPC ports, ghost ports, and LB paths.
  • Detects probing behaviour early.
  • Tracks exposure drift over time.
  • Discovers unpatched CVEs and service vulnerabilities.

Your actual attack surface - not the theoretical one.

Guard - Kernel-level enforcement

  • Drops unsafe traffic before it reaches the validator.
  • Guard performs encrypted DPI using metadata, headers, handshake patterns, flow behaviour, and timing signals — without ever decrypting traffic.
  • Always fail-open for uptime.

Enforcement at the NIC, powered by XDP/AF_XDP.

Why Sentinel + Guard Matter

Sentinel reveals what's reachable. Guard blocks what shouldn't be.

External truth + kernel-level enforcement = the missing validator security layer.

See NullRabbit Guard in Action

Sentinel and Guard reinforce each other in real time. Sentinel exposes what the world can reach; Guard stops unsafe traffic at the NIC; and every probe, anomaly, block event, and behavioural signature is fed back into a shared vector engine. The system tightens itself, confirms issues from both inside and outside, and gets harder to evade with every attack.

nullrabbit-guard
$ nr-sentinel scan sui-mainnet --external
[WARN] rpc/9000 exposed (public)
[INFO] ghost-port/9444 detected behind load-balancer
[INFO] baseline drift: +2 services since last scan
$ nr-guard status sui-mainnet
[XDP] inline: active on eth0
[RULE] sui-rpc-json: 54 allowed / 3 blocked (last 60s)
[BLOCK] 203.0.113.24 masscan fingerprint, dropped at NIC
$ nr-guard tail --follow
[BLOCK] 203.0.113.57 → tcp/9000 abnormal encrypted-flow pattern (metadata DPI)
[BLOCK] 198.51.100.9 → tcp/9444 unexpected consensus traffic
[ALLOW] 192.0.2.42 → tcp/9000 baseline RPC flow (allowed)
[BLOCK] 203.0.113.24 → tcp/9000 scan pattern, rule: masscan-fingerprint

Private Beta - Limited Access

We're onboarding select validator operators as we refine Guard deployment and cross-correlation with Sentinel.

Early access includes:

  • Continuous external discovery and exposure mapping
  • Kernel-level consensus traffic protection (L3/L4 fast-path + optional RPC ingress mode)
  • Early anomaly signatures and exposure scoring
  • Direct access to the engineering team during deployment

Frequently Asked Questions