[CentOS] Re: Email dictionary attacks and firewall

Thu Aug 17 13:34:17 UTC 2006
kadafax <kadafax at gmail.com>

Randall Hobbs wrote:
> -----Original Message-----
>
>> Better would be a rule to forward their connection to a honeypot / tarpit
>> box that would do what you want ... tie up their connection for a while.
>
> You don't have to have it forward to a separate box for the tarpit to work.
> Tarpit rules can be placed into the firewall so that any packets from a
> particular host (or network) get tarpitted, while allowing everyone else's
> to come through to the listening daemon. You just have to give it a specific
> source and port. The following would tarpit port 25 (TCP) for the IP address
> 99.99.99.99, while allowing everyone else through to the listening SMTP
> daemon:
>
> iptables -I INPUT -s 99.99.99.99 -p tcp --dport 25 -j TARPIT
>
Would you please give details on a TARPIT rule?
> So it's just a matter of adding rules per each host that causes a problem.
>
Is there a risk of self-DDoSing?
kfx.
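A worked version of the per-host rule quoted above, added here as an illustration; it is not from the original thread and not part of any CentOS package. It assumes the TARPIT target is available to the running kernel and iptables (in 2006 that meant a patch-o-matic-ng patch; on current systems it is xt_TARPIT from xtables-addons). The IPTABLES variable, the valid_ipv4_cidr and valid_port checks, and the raw-table NOTRACK rule are this example's own additions, not something the quoted rule contains.

```shell
#!/bin/sh
# Added example, not code from the thread: build and apply per-host TARPIT
# rules of the form "iptables -I INPUT -s <host> -p tcp --dport 25 -j TARPIT".
# Assumes the TARPIT target exists (xt_TARPIT from xtables-addons today; a
# patch-o-matic-ng patch on 2006-era kernels). Set IPTABLES=echo to preview
# the commands without root.
IPTABLES="${IPTABLES:-iptables}"

# Accept only a dotted-quad IPv4 address with an optional /0-32 prefix, so an
# address copied out of a mail log cannot smuggle extra iptables arguments.
valid_ipv4_cidr() {
    addr=${1%%/*}
    rest=${1#"$addr"}
    case "$rest" in
        '') ;;
        /*) p=${rest#/}
            case "$p" in ''|*[!0-9]*) return 1 ;; esac
            [ "$p" -le 32 ] 2>/dev/null || return 1 ;;
        *) return 1 ;;
    esac
    # only digits and dots, no leading/trailing/double dots
    case "$addr" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    oldifs=$IFS
    IFS=.
    set -- $addr
    IFS=$oldifs
    [ $# -eq 4 ] || return 1            # exactly four octets
    for o in "$@"; do
        [ "$o" -le 255 ] 2>/dev/null || return 1
    done
    return 0
}

# TCP port 1..65535, digits only.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the iptables argument lists (one per line) for tarpitting TCP port $2
# (default 25) from source $1. The raw-table NOTRACK rule keeps the tarpitted
# flows out of the conntrack table, which is the firewall-side resource most
# likely to be exhausted when many hosts are tarpitted at once.
tarpit_rules() {
    src=$1
    port=${2:-25}
    valid_ipv4_cidr "$src" || { echo "tarpit_rules: refusing source '$src'" >&2; return 1; }
    valid_port "$port"     || { echo "tarpit_rules: refusing port '$port'" >&2; return 1; }
    printf '%s\n' "-t raw -I PREROUTING -s $src -p tcp --dport $port -j NOTRACK"
    printf '%s\n' "-I INPUT -s $src -p tcp --dport $port -j TARPIT"
}

# Run each rule through $IPTABLES (iptables, or echo for a dry run).
tarpit_apply() {
    rules=$(tarpit_rules "$1" "$2") || return 1
    printf '%s\n' "$rules" | while read -r rule; do
        # shellcheck disable=SC2086  # word-splitting the rule is intended
        $IPTABLES $rule || exit 1
    done
}

# Usage: IPTABLES=echo sh tarpit.sh 99.99.99.99 [25]   (drop IPTABLES=echo to apply)
if [ $# -ge 1 ]; then
    tarpit_apply "$1" "$2" || exit 1
fi
```

On the self-DoS question: TARPIT answers the handshake and then holds the peer with a zero window without opening a local socket, so the per-connection cost on the firewall itself is small; the two things that can hurt you are conntrack entries for the held flows (hence the NOTRACK rule above, which the usual TARPIT guidance recommends) and a source match that is wider than intended, which would tarpit your own relays or monitoring hosts. That is why the example validates the source as a literal address or prefix before it ever reaches iptables. Newer iptables versions spell NOTRACK as "-j CT --notrack"; the old name is still accepted as an alias.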