|
|
|
|
|
|
| Author |
Message |
ElCuervo
*nix forums beginner
Joined: 25 Jun 2006
Posts: 1
|
 Posted: Sun Jun 25, 2006 2:09 am Post subject:
iptables TARPIT
|
|
|
I have some iptables POM extensions ompiled into my 2.4.32 kernel
including TARPIT. And, I have crafted some rules to tarpit some
persistent IP's. But, this only works for TCP traffic.. how does one
slow down the pervasive unwanted UDP and ICMP traffic?
cuervo |
|
| Back to top |
|
 |
Ertugrul Soeylemez
*nix forums Guru Wannabe
Joined: 28 Oct 2005
Posts: 126
|
| Posted: Sun Jun 25, 2006 7:06 am Post subject:
Re: iptables TARPIT
|
|
|
"ElCuervo" <cuervo73@wanadoo.es> (06-06-24 19:09:25):
| Quote: | I have some iptables POM extensions ompiled into my 2.4.32 kernel
including TARPIT. And, I have crafted some rules to tarpit some
persistent IP's. But, this only works for TCP traffic.. how does one
slow down the pervasive unwanted UDP and ICMP traffic?
|
By not replying at all. Those protocols are not connection-oriented, so
you couldn't freeze scanners much, anyway. By the way, don't forget
that each frozen TARPIT connection actually uses resources on your
system. I don't think that it allows DoS attacks, but for older
systems, this may be a stability problem. I wouldn't use it for now,
and instead just keep DROP-ing unwanted packets. There is some reason
for the TARPIT target not to be in the stable releases.
Regards,
E.S. |
|
| Back to top |
|
|
Google
|
|
| Back to top |
|
|
|
|
The time now is Tue Dec 02, 2008 2:14 pm | All times are GMT
|
|
Cheap Loan | Credit Counseling | MPAA | Loans | Indoor Flag Pole Sets
|
|
Copyright © 2004-2005 DeniX Solutions SRL
|
|
|
|
Other DeniX Solutions sites:
Unix/Linux blog |
electronics forum |
medicine forum |
science forum |
|
|
Privacy Policy
|
Powered by phpBB © 2001, 2005 phpBB Group
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
Forum index
»
*nix
»
Linux
»
security
