[plug] Building a "minefield/tarpit" for worms

Bernd Felsche bernie at innovative.iinet.net.au
Tue May 30 11:57:12 WST 2006


My firewall gets *lots* of hits to well-known ports and ports used
by bots/worms.

Instead of simply rejecting/dropping packets, I'm toying with the
idea of setting up a minefield and/or tarpit to make their lives a
misery.

Some stuff can be done with xinetd, but not a lot without spawning
custom applications to e.g. fake bot responses and to harvest their
locations.

Are there any tools to handle incoming nasty connections and to deal
with them based on a set of rules?
-- 
/"\ Bernd Felsche - Innovative Reckoning, Perth, Western Australia
\ /  ASCII ribbon campaign | "Laws do not persuade just because
 X   against HTML mail     |  they threaten."
/ \  and postings          | Lucius Annaeus Seneca, c. 4BC - 65AD.




More information about the plug mailing list