Re: PAM tarpit module for repeated SSH login attempts
On Wed, Oct 20, 2004 at 01:27:36PM +0200, Martin Reising wrote:
On Wed, Oct 20, 2004 at 11:50:07AM +0200, martin f krafft wrote:
For a tarpit, the best thing to do would be simply to drop the
connection without sending a FIN or RST packet. I don't know if PAM
can do this.
Otherwise, just hold the connection open for several minutes and do
nothing. After that time, send a RST or just drop it from the table.
AFAIK PAM is designed do return a single value like PAM_SUCCESS or
PAM_XXX_ERR, so the above isn't anything to deal with PAM.
Well, it is assumed that running a pam module will have some side effect
aside from returning PAM_SUCCESS or PAM_ERR. The fin/rst stuff isn't
possible, but just holding the connection open can easily achived by
running sleep(3) in the pam module.