On Thu, 1 Apr 2004 23:00:59 +0300 raptor wrote:
> Well, he probably means (if the question is about IP) that you set up a
> machine with many addresses, say a class C, which returns its response
> after as much time as possible (max timeout). That way the machine that
> is, say, pinging (if we use ICMP as an example) has to hold structures
> (buffers, variables and CPU time) for a longer time, so the more pings
> it sends the more it loads itself... and in that way the attacker
> becomes the victim of his own attack..:")
> Search Google for "LaBrea"
>
> > > On Thursday 01 April 2004 12:36, Vesselin Kolev wrote:
> > > Ah... how did nobody think of the fact that such attacks are damped
> > > by special machines called "black holes"? :)
> > >
> > > Veso
Isn't it better to set up the TARPIT target for netfilter?
copy/paste from menuconfig:
"CONFIG_IP_NF_TARGET_TARPIT:

Adds a TARPIT target to iptables, which captures and holds
incoming TCP connections using no local per-connection resources.
Connections are accepted, but immediately switched to the persist
state (0 byte window), in which the remote side stops sending data
and asks to continue every 60-240 seconds. Attempts to close the
connection are ignored, forcing the remote side to time out the
connection in 12-24 minutes.

This offers similar functionality to LaBrea
<http://www.hackbusters.net/LaBrea/> but doesn't require dedicated
hardware or IPs. Any TCP port that you would normally DROP or REJECT
can instead become a tarpit."
As it says, there is no need for a machine with many IPs.
----------
sks.keyserver.penguin.de
X-OpenPGP-KeyID: BCB0C3F4
X-OpenPGP-Fingerprint: A321 95C9 7523 82FD 823D 56D2 C1A6 4A38 BCB0 C3F4
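
An added example, not part of the original message or of the netfilter project: a shell function that prints an iptables-restore fragment using the TARPIT target where the help text above says you would normally DROP or REJECT. The port numbers are constructed, and the raw-table NOTRACK rule is an added assumption for hosts that load connection tracking, where each held connection would otherwise still take a conntrack entry.

```shell
#!/bin/sh
# Added example (not from the original message). Prints an iptables-restore
# fragment that tarpits TCP ports you would otherwise DROP or REJECT.
# Assumes iptables and the kernel were built with the TARPIT target
# (CONFIG_IP_NF_TARGET_TARPIT) and that the raw table is available.

# tarpit_ruleset PORT... : ruleset on stdout; returns 1 on invalid input.
tarpit_ruleset() {
    # the multiport match accepts at most 15 ports per rule
    if [ "$#" -lt 1 ] || [ "$#" -gt 15 ]; then
        echo "usage: tarpit_ruleset PORT... (1 to 15 ports)" >&2
        return 1
    fi
    for p in "$@"; do
        case "$p" in
            ''|*[!0-9]*|??????*) echo "bad port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "bad port: $p" >&2
            return 1
        fi
    done
    ports=$(IFS=,; echo "$*")   # join the arguments with commas

    # raw table: skip connection tracking for these ports, so a held
    # connection does not cost a conntrack entry on the local machine.
    # (Newer iptables spells this target "-j CT --notrack".)
    echo "*raw"
    echo "-A PREROUTING -p tcp -m multiport --dports $ports -j NOTRACK"
    echo "COMMIT"

    # filter table: where the rule used to read "-j DROP" or
    # "-j REJECT --reject-with tcp-reset", hold the connection instead.
    echo "*filter"
    echo "-A INPUT -p tcp -m multiport --dports $ports -j TARPIT"
    echo "COMMIT"
}

# Ports come from the command line, e.g. "sh tarpit.sh 23 135 445"
# (constructed sample ports). Pipe the output to
# "iptables-restore --noflush" so that existing rules are kept.
if [ "$#" -gt 0 ]; then
    tarpit_ruleset "$@"
fi
```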
