| 1 |
quoth the Daniel Iliev: |
| 2 |
> Next I decided to change "-j DROP" with "-j TARPIT" and I |
| 3 |
> realized that gentoo-sources doesn't provide the netfilter |
| 4 |
> target "TARPIT". - |
| 5 |
> Best regards, |
| 6 |
> Daniel |
| 7 |
|
| 8 |
I realize there is a sense of satisfaction from using the TARPIT target that |
| 9 |
is appealing, however you must consider: |
| 10 |
|
| 11 |
1. These ssh bruteforce attacks are almost certainly coming from a zombie |
| 12 |
botnet, and thus there is no human to realize their connection has |
| 13 |
been 'stuck'. The zombie will happily freeze for 30 seconds then try again. |
| 14 |
|
| 15 |
2. Due to the nature of the persistant connection using TARPIT, you are |
| 16 |
opening up your machine to a DOS attack, if the Bad Guy can deduce you are |
| 17 |
using it. |
| 18 |
|
| 19 |
2 cents.... |
| 20 |
|
| 21 |
-d |
| 22 |
-- |
| 23 |
darren kirby :: Part of the problem since 1976 :: http://badcomputer.org |
| 24 |
"...the number of UNIX installations has grown to 10, with more expected..." |
| 25 |
- Dennis Ritchie and Ken Thompson, June 1972 |
| 26 |
-- |
| 27 |
gentoo-user@g.o mailing list |
Archives