
Re: How to Run High Capacity Tor Relays (stateless iptables filtering)

On Fri, Aug 27, 2010 at 3:26 AM, tor_ml <tor_ml@xxxxxxxxx> wrote:
> but in general there is also another way (or many other ways) to close a
> connection:
> "
> It is also possible to terminate the connection by a 3-way handshake, when
> host A sends a FIN and host B replies with a FIN & ACK (merely combines 2
> steps into one) and host A replies with an ACK. This is perhaps the most
> common method.
> "
> https://secure.wikimedia.org/wikipedia/en/wiki/Transmission_Control_Protocol#Connection_termination
> I agree with Olaf and would only use the -p tcp --syn rule to filter new
> connection to the server on unwanted ports.

I am fond of the TARPIT target for slowing down naive scanners. It's a
bit of a pain to get integrated, but fun :)

Adds a TARPIT target to iptables, which captures and holds incoming TCP
connections using no local per-connection resources.  Connections are
accepted, but immediately switched to the persist state (0 byte window), in
which the remote side stops sending data and asks to continue every 60-240
seconds.  Attempts to close the connection are ignored, forcing the remote
side to time out the connection in 12-24 minutes.
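A stateless INPUT ruleset in the spirit of this thread, as an added example that is not from the original message or from any Tor guide: only SYN segments are filtered per port, every other TCP segment (data, the FIN/ACK closing handshakes quoted above, replies to the relay's own outbound connections) passes without conntrack, and leftover connection attempts go to TARPIT. The port numbers 9001/9030 are constructed sample values, DRY_RUN and the function names are my own, and the TARPIT target assumes xtables-addons is installed.

```shell
#!/bin/sh
# Stateless TCP filtering for a Tor relay (added example, not from the thread).
# Assumptions: ORPort 9001 and DirPort 9030 are constructed sample values;
# TARPIT comes from xtables-addons (use -j DROP if it is not available).
OR_PORT="${OR_PORT:-9001}"
DIR_PORT="${DIR_PORT:-9030}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands, 0 = apply them (needs root)

# Wrapper so the ruleset can be reviewed before it is applied.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

stateless_relay_rules() {
    ipt -P INPUT DROP
    ipt -F INPUT
    # Keep TCP out of the conntrack table entirely (if nf_conntrack happens to
    # be loaded), so neither relay traffic nor tarpitted SYNs fill it up.
    ipt -t raw -F
    ipt -t raw -A PREROUTING -p tcp -j NOTRACK
    ipt -t raw -A OUTPUT -p tcp -j NOTRACK
    ipt -A INPUT -i lo -j ACCEPT
    # New connections = SYN set, ACK/FIN/RST clear (that is what --syn matches):
    # allow them only on the relay's own ports.
    ipt -A INPUT -p tcp --syn --dport "$OR_PORT" -j ACCEPT
    ipt -A INPUT -p tcp --syn --dport "$DIR_PORT" -j ACCEPT
    # Every non-SYN segment is accepted statelessly: data and FIN/ACK closes on
    # accepted connections, and the SYN/ACK replies to connections the relay
    # opened itself. Unsolicited ones hit no socket and get the kernel's RST.
    ipt -A INPUT -p tcp ! --syn -j ACCEPT
    # Remaining SYNs are unwanted ports: hold the scanner in the tarpit.
    ipt -A INPUT -p tcp --syn -j TARPIT
    # UDP (e.g. DNS replies on an exit) and ICMP are not covered here.
}

stateless_relay_rules
```

With the default DRY_RUN=1 the script only prints the iptables commands for review; DRY_RUN=0 applies them.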