iptables: tarpit
Chong Yu Meng
chongym
Wed Sep 6 08:46:27 PDT 2006
On Mon, 2006-09-04 at 21:22 -0500, David Bandel wrote:
> On 9/4/06, Man-wai CHANG <mwchang at i-cable.com> wrote:
> > Is the "TARPIT" target the same as the following 2 rules combined?
> >
> > -p tcp -j REJECT --reject-with tcp-reset
> > -p udp -j REJECT --reject-with icmp-port-unreachable
>
> No. TARPIT basically resets the TCP window size to 0, making further
> communications impossible, including sending a FIN. While
> communications are impossible, it does, however, tie up the queue. So
> the connection remains active because the bad guy can't send a FIN.
>
> A few of these and the bad guy's server slows waaaaayyyyyyy down.
Wow! David, you never cease to amaze me with your grasp of all things
HTTP. I have only seen the above scenario once, when a Java application
was so loaded and hanging onto system resources that a FIN was never
sent to close an HTTP transaction. I thought that was a pretty rare thing
when I saw that, but it appears that there is a way to simulate it using
Linux and tarpit!
--
Pascal Chong
email: chongym at cymulacrum.net
web: http://cymulacrum.net
pgp: http://cymulacrum.net/pgp/cymulacrum.asc
"Science knows no borders, because knowledge belongs to humanity, and it
is the flame that illuminates the world."
-- Louis Pasteur
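The two rule sets being compared in this thread, side by side, as an added example that is not part of the original messages. It assumes the xtables-addons package is installed (TARPIT is not part of mainline netfilter, so `-j TARPIT` is refused on a stock kernel), uses a placeholder port of 2222, and adds a DRY_RUN switch that prints the iptables commands instead of executing them so the rule set can be inspected without root. `-j CT --notrack` is the current spelling of the older `-j NOTRACK` target; on old systems substitute the latter.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumptions (not on the page):
# xtables-addons provides xt_TARPIT, the protected port is 2222 (placeholder),
# and DRY_RUN=1 prints each iptables command instead of running it.
set -u
IPT="${IPT:-iptables}"
PORT="${PORT:-2222}"

# run: execute the command, or print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# The two rules from the original question. A TCP RST and an ICMP
# port-unreachable tell the peer immediately that the port is closed, so
# the attempt ends at once and holds no state on either side.
reject_rules() {
    run "$IPT" -A INPUT -p tcp --dport "$PORT" -j REJECT --reject-with tcp-reset
    run "$IPT" -A INPUT -p udp --dport "$PORT" -j REJECT --reject-with icmp-port-unreachable
}

# TARPIT completes the handshake with a zero-window advertisement and then
# ignores the peer's attempts to close, so the peer keeps the connection in
# its own table until its timers give up. It is TCP-only (there is no UDP
# handshake to hold open). The raw-table rule comes first so these packets
# are excluded from conntrack; otherwise the local state table fills with
# entries for connections that, by design, never close.
tarpit_rules() {
    run "$IPT" -t raw -A PREROUTING -p tcp --dport "$PORT" -j CT --notrack
    run "$IPT" -A INPUT -p tcp --dport "$PORT" -j TARPIT
}

# Returns 0 when the kernel has the xt_TARPIT module; without it the
# -j TARPIT rule fails with "No chain/target/match by that name".
tarpit_available() {
    modinfo xt_TARPIT >/dev/null 2>&1
}

if [ "${DRY_RUN:-}" = "1" ]; then
    echo "# REJECT variant"
    reject_rules
    echo "# TARPIT variant"
    tarpit_rules
fi
```

Run it as `DRY_RUN=1 sh tarpit.sh` to see the two rule sets; drop DRY_RUN and run as root to apply them. Because the tarpitted packets are untracked, a `-m conntrack --ctstate NEW` accept rule or an `--ctstate INVALID -j DROP` rule earlier in INPUT will not match them (their state is UNTRACKED), so the TARPIT rule itself must not depend on conntrack state, and the raw-table exclusion must be in place before the INPUT rule is added.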