
Re: PAM tarpit module for repeated SSH login attempts

On Thu, 21 Oct 2004, martin f krafft wrote:

> the real tarpit effect actually establishes a connection, not just
> DROP it. so no, iptables would not give a real tarpit effect.

I *think* there is a patch to netfilter in patch-o-matic which does add real tarpit support as a target, whereby indeed the connection is established and held. It is not included in the standard netfilter Debian package build, though.

> the question is when these rules are removed though...

yes, that's a problem. I did not check, but there was also an experimental netfilter patch floating around to add expiration timers to iptables rules. I don't know the status of this one, but it would solve this problem (and other similar ones) very nicely. I will try and check next week on the official netfilter web site, when I get some spare time.



Giacomo Mulas <gmulas@ca.astro.it>

Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA)

Tel. (OAC): +39 070 71180 248     Fax : +39 070 71180 222
Tel. (UNICA): +39 070 675 4916

"When the storms are raging around you, stay right where you are"
                         (Freddy Mercury)
