README — add intended use section

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-27 16:06:21 +02:00 · 2026-05-27 16:06:21 +02:00 · a3d6048ded
commit a3d6048ded
parent 50c9b4df35
1 changed files with 13 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -4,6 +4,19 @@ Covert channel using Linux TC eBPF. Intercepts TCP packets on a port already in
 steals matching ones before the application sees them, forwards or executes per the
 client's instruction. Normal traffic is unaffected. Zero changes to existing services.

+---
+
+## Intended Use
+
+**Educational purposes only.** Do not deploy against systems you don't own or have
+explicit authorisation to test.
+
+The core use case this demonstrates: persistence on a firewalled host by piggybacking
+on any already-permitted port (e.g. 80/443). Traffic is stolen at TC ingress before
+the application sees it and never appears in its logs.
+
+---
+
 ```
 Mode 1 — Plain TCP
  Client                        Server (:80)