On Wed, Oct 20, 2004 at 01:27:36PM +0200, Martin Reising wrote:
On Wed, Oct 20, 2004 at 11:50:07AM +0200, martin f krafft wrote:For a tarpit, the best thing to do would be simply to drop the connection without sending a FIN or RST packet. I don't know if PAM can do this. Otherwise, just hold the connection open for several minutes and do nothing. After that time, send a RST or just drop it from the table.AFAIK PAM is designed do return a single value like PAM_SUCCESS or PAM_XXX_ERR, so the above isn't anything to deal with PAM.
Well, it is assumed that running a pam module will have some side effect aside from returning PAM_SUCCESS or PAM_ERR. The fin/rst stuff isn't possible, but just holding the connection open can easily achived by running sleep(3) in the pam module. Mike Stone