Thus spake coderman (coderman@xxxxxxxxx):

> On Fri, Aug 27, 2010 at 3:26 AM, tor_ml <tor_ml@xxxxxxxxx> wrote:
> > I agree with Olaf and would only use the -p tcp --syn rule to filter new
> > connections to the server on unwanted ports.
>
> I am fond of the TARPIT target for slowing down naive scanners. It's a
> bit of a pain to get integrated, but fun :)
>
> """
> Adds a TARPIT target to iptables, which captures and holds incoming TCP
> connections using no local per-connection resources. Connections are
> accepted, but immediately switched to the persist state (0 byte window), in
> which the remote side stops sending data and asks to continue every 60-240
> seconds. Attempts to close the connection are ignored, forcing the remote
> side to time out the connection in 12-24 minutes.
> """

It wasn't clear to me that tarpitting can be set up without a
RELATED,ESTABLISHED rule before it.

Also, this is not integrated into the kernel or iptables yet either, right?

--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
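The ruleset the thread is circling around, written out as an added example (not code from the thread, from coderman, or from the Tor project). It combines the `-p tcp --syn` filtering tor_ml describes with the TARPIT target coderman quotes, and it answers Mike's ordering question the way the TARPIT documentation does: the ports to be tarpitted are exempted from connection tracking with NOTRACK in the raw table (newer iptables spells the same thing `-j CT --notrack`), so their packets can never match `--state ESTABLISHED,RELATED` and the ACCEPT for tracked traffic cannot let a tarpitted flow slip past the TARPIT rule. Assumptions: TARPIT is supplied by xtables-addons (it was not part of mainline iptables or the kernel); the port numbers are placeholders; and only an explicit list of decoy ports is tarpitted rather than "everything else", because return traffic for the host's own outbound connections arrives on arbitrary ephemeral ports and depends on conntrack, so decoy ports should stay outside the local ephemeral range. The script prints an iptables-restore file by default and loads it only when run as root with `--apply`.

```shell
#!/bin/sh
# Added example, not code from the thread. Emits an iptables-restore ruleset that
# (1) accepts return traffic of tracked connections, (2) accepts new connections
# ("-p tcp --syn") only on wanted ports, (3) hands every packet for an explicit
# list of decoy ports to TARPIT, and (4) drops other new TCP connections.
# Assumes TARPIT comes from xtables-addons (assumption: not mainline iptables).
# Port lists are placeholders chosen for illustration.

WANTED_PORTS="${WANTED_PORTS:-22 9001 9030}"    # e.g. ssh, Tor ORPort, DirPort (placeholders)
TARPIT_PORTS="${TARPIT_PORTS:-23 135 445 1433}" # decoy ports naive scanners probe (placeholders)

# build_ruleset WANTED TARPIT -- print the ruleset in iptables-restore format.
build_ruleset() {
    wanted=$1; tarpit=$2
    echo '*raw'
    echo ':PREROUTING ACCEPT [0:0]'
    for p in $tarpit; do
        # Untracked packets never match --state ESTABLISHED,RELATED, so the
        # ACCEPT below cannot bypass TARPIT, and conntrack allocates nothing
        # per tarpitted connection.
        echo "-A PREROUTING -p tcp --dport $p -j NOTRACK"
    done
    echo 'COMMIT'
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for p in $wanted; do
        # --syn matches only the connection-opening packet: new connections
        # are accepted here, the rest of the flow is handled by the rule above.
        echo "-A INPUT -p tcp --syn --dport $p -j ACCEPT"
    done
    for p in $tarpit; do
        # No --syn here: TARPIT must see the SYN and every later ACK/retry
        # of a decoy connection to keep answering with a zero window.
        echo "-A INPUT -p tcp --dport $p -j TARPIT"
    done
    # Explicit version of the --syn filter discussed in the thread
    # (redundant with the DROP policy, kept for readability of the counters).
    echo '-A INPUT -p tcp --syn -j DROP'
    echo 'COMMIT'
}

# rule_index RULESET PATTERN -- line number of the first rule containing PATTERN
# (empty if absent); used to sanity-check ordering before loading.
rule_index() {
    printf '%s\n' "$1" | grep -n -F -e "$2" | head -n 1 | cut -d: -f1
}

# check_order RULESET -- succeed only if the ESTABLISHED,RELATED ACCEPT precedes
# every TARPIT rule and every TARPIT rule precedes the final --syn DROP.
check_order() {
    est=$(rule_index "$1" '--state ESTABLISHED,RELATED -j ACCEPT')
    drop=$(rule_index "$1" '-p tcp --syn -j DROP')
    printf '%s\n' "$1" | grep -n -e '-j TARPIT' | cut -d: -f1 | while read -r n; do
        [ "${est:-0}" -lt "$n" ] && [ "$n" -lt "${drop:-0}" ] || exit 1
    done
}

RULES=$(build_ruleset "$WANTED_PORTS" "$TARPIT_PORTS")
if [ "${1:-}" = "--apply" ]; then
    # Load atomically; refuse if the ordering check fails.
    check_order "$RULES" && printf '%s\n' "$RULES" | iptables-restore
else
    printf '%s\n' "$RULES"
fi
```

Run it without arguments to review the generated file, then `sudo ./tarpit-rules.sh --apply` to load it. If the kernel lacks the xtables-addons module, `iptables-restore` will reject the TARPIT lines and leave the previous ruleset in place, which is the failure mode you want.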