On Wed, Aug 28, 2002 at 11:56:24AM +0200, Michael Renzmann wrote: > Hi. > > Jones, Steven wrote: > >Ive found port sentry really good for detecting port scans and then > >routeing > >the return packets to no where. > > As an addition to that idea: would it be possible to cause similar > effects to HTTP-server worms with a modified tarpit? Maybe a modified > version of the kernel httpd: whenever a worm attack drops in the > response will be a normal website containing a bogus content (no 404), > coming over the line character by character with a huge delay. Comments?
I remember hearing about people doing exactly that. Maybe it was mentioned on /. or the local LUG mailing list (http://nslug.ns.ca/). -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces!" -- Plautus, 200 BCE