On Thu, 1 Apr 2004 23:00:59 +0300 raptor wrote: > ami sigurno ima predwid (ako stawa wapros za IP), slagash > mashina s mnogo adresi da rechem class C, koqto wryshta response > sled kolko se move poweche wreme (max timeout), po tozi nachin > machinata koqto da rechem prawi ping (ako polzwame icmp za primer) > trqbwa da dyrvi strukturi (buffers, variables i procesorno wreme) > za po dylgo wreme taka che kolkoto poweche ping-owe prawi > tolkowa poweche se towari... i po toq nachin atakuwashtiqt stawa > vertwa na sobstwenata si ataka..:") > Potyrsi w google za "LaBrea" > > > > > On Thursday 01 April 2004 12:36, Vesselin Kolev wrote: > > > А... как никой не се сети, че подобни атаки се тушират чрез специални > > > машини, наречени "черни дупки"? :) > > > > > > Весо
не е ли по-добре да си сложи TARPIT target за netfilter ? copy/paste от menuconfig: "CONFIG_IP_NF_TARGET_TARPIT: x x x x Adds a TARPIT target to iptables, which captures and holds x x incoming TCP connections using no local per-connection resources. x x Connections are accepted, but immediately switched to the persist x x state (0 byte window), in which the remote side stops sending data x x and asks to continue every 60-240 seconds. Attempts to close the x x connection are ignored, forcing the remote side to time out the x x connection in 12-24 minutes. x x x x This offers similar functionality to LaBrea x x <http://www.hackbusters.net/LaBrea/> but doesn't require dedicated x x hardware or IPs. Any TCP port that you would normally DROP or REJECT x x can instead become a tarpit." както си пише няма нужда от машина с много IPs. ---------- sks.keyserver.penguin.de X-OpenPGP-KeyID: BCB0C3F4 X-OpenPGP-Fingerprint: A321 95C9 7523 82FD 823D 56D2 C1A6 4A38 BCB0 C3F4 ----------
pgp00000.pgp
Description: PGP signature