Re: PAM tarpit module for repeated SSH login attempts
On Thu, 21 Oct 2004, martin f krafft wrote:
the real tarpit effect actually establishes a connection, not just
DROP it. so no, iptables would not give a real tarpit effect.
I *think* there is a patch to netfilter in patch-o-matic which does add
real tarpit support as a target, whereby indeed the connection is
established and held. It is not included in the standard netfilter debian
package build, though.
the question is when these rules are removed though...
yes, that's a problem. I did not check, but there was also an experimental
netfilter patch floating around to add expiration timers to iptables
rules. I don't know the status of this one, but it would solve this
problem (and other similar ones) very nicely. I will try and check next
week on the official netfilter web site, when I get some spare time.
Giacomo Mulas <firstname.lastname@example.org>
OSSERVATORIO ASTRONOMICO DI CAGLIARI
Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA)
Tel. (OAC): +39 070 71180 248 Fax : +39 070 71180 222
Tel. (UNICA): +39 070 675 4916
"When the storms are raging around you, stay right where you are"