iptables: tarpit

[David Bandel]

On 9/4/06, Man-wai CHANG <mwchang at i-cable.com> wrote:
> Is the "TARPIT" target the same as the following 2 rules combined?
>
> -p tcp -j REJECT --reject-with tcp-reset
> -p udp -j REJECT --reject-with icmp-port-unreachable

no.  tarpit basically resets the tcp window size to 0 making further
communications impossible, including sending a FIN.  While
communications are impossible, it does however, tie up the queue.  So
the connection remains active because the bad guy can't send a FIN.

A few of these and the bad guys server slows waaaaayyyyyyy down.

Ciao,

David A. Bandel
-- 
Focus on the dream, not the competition.
            - Nemesis Air Racing Team motto