[plug] Building a "minefield/tarpit" for worms
W.Kenworthy
billk at iinet.net.au
Wed May 31 11:48:24 WST 2006
Anyone have real world experience with the iptables tarpit module? Does
it work in slowing up the badguys, or do they ignore the standards and
carry on regardless?
BillK
On Wed, 2006-05-31 at 11:42 +0800, Senectus . wrote:
> On 31/05/06, Bernd Felsche <bernie at innovative.iinet.net.au> wrote:
> > "Senectus ." <senectus at gmail.com> writes:
> > >On 31/05/06, Daniel J. Axtens <danielax at gmail.com> wrote:
> >
> > >> As Daniel pointed out, this sort of thing is called a honeypot - just
> > >> googling honeypot will get you started. There is also a honeypots
> > >> mailing list on securityfocus.
> >
> > >Unless it's for research purposes, I fail to see why this is a good idea...
> >
> > I don't actually want to attract probes. I just to blow their legs
> > off if they tread on my minefield. :-)
> >
> > That should reduce their ability to probe other machines.
> But in all reality a honey pot just wastes your bandwidth. I don't
> think a trojan/virus has been created in years that doesn't multicast
> it's scans.. so even though I thinks it's found a way in on your
> system it's going to keep looking elsewhere anyhow. in the mean time
> your bandwidth gets eaten up by a resistant piece of code trying to
> solidify it's infection.
> seem very futile to me.
>
> at least that's my understanding of it
>
More information about the plug
mailing list