1 |
quoth the Daniel Iliev: |
2 |
> Next I decided to change "-j DROP" with "-j TARPIT" and I |
3 |
> realized that gentoo-sources doesn't provide the netfilter |
4 |
> target "TARPIT". - |
5 |
> Best regards, |
6 |
> Daniel |
7 |
|
8 |
I realize there is a sense of satisfaction from using the TARPIT target that |
9 |
is appealing, however you must consider: |
10 |
|
11 |
1. These ssh bruteforce attacks are almost certainly coming from a zombie |
12 |
botnet, and thus there is no human to realize their connection has |
13 |
been 'stuck'. The zombie will happily freeze for 30 seconds then try again. |
14 |
|
15 |
2. Due to the nature of the persistant connection using TARPIT, you are |
16 |
opening up your machine to a DOS attack, if the Bad Guy can deduce you are |
17 |
using it. |
18 |
|
19 |
2 cents.... |
20 |
|
21 |
-d |
22 |
-- |
23 |
darren kirby :: Part of the problem since 1976 :: http://badcomputer.org |
24 |
"...the number of UNIX installations has grown to 10, with more expected..." |
25 |
- Dennis Ritchie and Ken Thompson, June 1972 |
26 |
-- |
27 |
gentoo-user@g.o mailing list |