Tar pitting automated attacks
freebsd at nagilum.org
Fri Sep 10 12:21:20 PDT 2004
Jonathan Chen wrote:
>On Tue, Sep 07, 2004 at 09:42:16AM -0400, Mike Galvez wrote:
>>Is there a method to make this more expensive to the attacker, such as tar-pitting?
>Put in a ipfw block on the netblock/country. At the very least it will
>make it pretty slow for the initial TCP handshake.
I don't know how this particular scanner works, but if was (to write) a
scanner which is supposed to scan as many as possible hosts as quickly
as possible, I would simply start sending out syn's as fast as I can or
my master told me, without tracking to which hosts I sent one (just do a
count upwards or something like that). Then I would simply collect those
hosts that do respond with an ACK and put only them in the queue for
further processing. Whether your host sends a nak or nothing is the same
So I don't think a block will cause any significant harm to these attacks.
More information about the freebsd-questions