[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: PAM tarpit module for repeated SSH login attempts

also sprach Giacomo Mulas <gmulas@ca.astro.it> [2004.10.20.1452 +0200]:
> no, but you can obtain the real tarpit(TM) effect, and you don't
> have any processes left sleeping. Anyway, it was just a suggestion
> I did not mean to criticize anybody's work.

the real tarpit effect actually establishes a connection, not just
DROP it. so no, iptables would not give a real tarpit effect. but
i guess one could just drop non-SYN packages? this would definitely
be preferable than having the PAM module sleep away.

the question is when these rules are removed though...

Please do not CC me when replying to lists; I read them!
 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer, admin, and user
`. `'`
  `-  Debian - when you have better things to do than fixing a system
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!

Attachment: signature.asc
Description: Digital signature

Reply to: