[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: How to Run High Capacity Tor Relays (stateless iptables filtering)

Thus spake coderman (coderman@xxxxxxxxx):

> On Fri, Aug 27, 2010 at 3:26 AM, tor_ml <tor_ml@xxxxxxxxx> wrote:
> > I agree with Olaf and would only use the -p tcp --syn rule to filter new
> > connection to the server on unwanted ports.
> I am fond of the TARPIT target for slowing down naive scanners. it's a
> bit of a pain to get integrated, but fun :)
> """
> Adds a TARPIT target to iptables, which captures and holds incoming TCP
> connections using no local per-connection resources.  Connections are
> accepted, but immediately switched to the persist state (0 byte window), in
> which the remote side stops sending data and asks to continue every 60-240
> seconds.  Attempts to close the connection are ignored, forcing the remote
> side to time out the connection in 12-24 minutes.
> """

It wasn't clear to me that tarpitting can be set up without a
RELATED,ESTABLISHED rule before it.. Also, this is not integrated into
the kernel or iptables yet either, right?

Mike Perry
Mad Computer Scientist
fscked.org evil labs

Attachment: pgpJJnfrzNyNY.pgp
Description: PGP signature