quoth the Daniel Iliev: > Next I decided to change "-j DROP" with "-j TARPIT" and I > realized that gentoo-sources doesn't provide the netfilter > target "TARPIT". - > Best regards, > Daniel
I realize there is a sense of satisfaction from using the TARPIT target that is appealing, however you must consider: 1. These ssh bruteforce attacks are almost certainly coming from a zombie botnet, and thus there is no human to realize their connection has been 'stuck'. The zombie will happily freeze for 30 seconds then try again. 2. Due to the nature of the persistant connection using TARPIT, you are opening up your machine to a DOS attack, if the Bad Guy can deduce you are using it. 2 cents.... -d -- darren kirby :: Part of the problem since 1976 :: http://badcomputer.org "...the number of UNIX installations has grown to 10, with more expected..." - Dennis Ritchie and Ken Thompson, June 1972 -- gentoo-user@gentoo.org mailing list
