-----Original Message-----
>>Better would be a rule to forward their connection to a honeypot / tarpit box that would do what
>>you want ... tie up their connection for a while.

You don't have to have it forward to a separate box for the tarpit to work. Tarpit rules can be placed into the firewall so that any packets from a particular host (or network) get tarpitted, while allowing everyone else's to come through to the listening daemon. You just have to give it a specific source and port.

The following would tarpit port 25 (TCP) for the IP address 99.99.99.99, while allowing everyone else through to the listening SMTP daemon:

    iptables -I INPUT -s 99.99.99.99 -p tcp --dport 25 -j TARPIT

So it's just a matter of adding rules per each host that causes a problem.

--
Take care,
Randall
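
Added example (not part of the original message): a shell helper for the per-host approach described above. It validates every address before placing it in the rule from the message, and only prints the commands for review. The function names and the sample addresses other than 99.99.99.99 are constructed for illustration, and the TARPIT target is assumed to be installed, since it is an iptables extension rather than a built-in target.

```shell
#!/bin/sh
# Added example: print one TARPIT rule per offending host.
# Nothing is executed here; review the output before applying it as root.

# Return 0 only for a dotted-quad IPv4 address with each octet in 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|"") return 1 ;;   # stray characters or empty octets
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac # reject ambiguous leading zeros
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# tarpit_rules PORT HOST...
# Prints a rule for each valid host, once. Invalid entries are reported on
# stderr and skipped, so untrusted list input never reaches the command line.
tarpit_rules() {
    port=$1; shift
    case "$port" in
        ""|*[!0-9]*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    seen=" "
    for host in "$@"; do
        if ! valid_ipv4 "$host"; then
            echo "skipping invalid address: $host" >&2
            continue
        fi
        case "$seen" in *" $host "*) continue ;; esac   # already emitted
        seen="$seen$host "
        echo "iptables -I INPUT -s $host -p tcp --dport $port -j TARPIT"
    done
}

# Constructed sample input: the address from the message, a documentation-range
# address, a duplicate, and a malformed entry that must be rejected.
tarpit_rules 25 99.99.99.99 192.0.2.10 99.99.99.99 '1.2.3.4;reboot'
```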