Re: [gentoo-user] TARPIT iptables target
quoth the Dave Jones: TARPIT Just a caveat: Keep in mind that if a bad guy figures out you are using TARPIT, the very nature of it (ie: persistant connections) opens your box to a severe DOS vulnerability, especially if said bad guy has a bot-net at his disposal. If you know what you are doing, fair enough, but do keep this in mind if you intend to use TARPIT on an outward facing box. -d -- darren kirby :: Part of the problem since 1976 :: http://badcomputer.org ...the number of UNIX installations has grown to 10, with more expected... - Dennis Ritchie and Ken Thompson, June 1972 pgpl8VwRfH0yU.pgp Description: PGP signature
Re: [gentoo-user] TARPIT iptables target
Daveto get tarpit support add the extensions USE flag when you emerge iptablescynyrOn 2/22/06, Dave Jones [EMAIL PROTECTED] wrote:Hi,I was reading about the TARPIT target in the man iptables documentation, and thought I'd like to give it a try.Unfortunately though, it seemsnot to be supported in the 2.6.15-1 Gentoo kernel.Has anyone used the TARPIT target, or know of a way to get it into thecurrent kernel?Any experience with this target or 'gotchas' about it? Cheers, Dave--gentoo-user@gentoo.org mailing list
Re: [gentoo-user] TARPIT iptables target
Hi Andrew, Thank you for the tip about TARPIT, the problem is now solved. To complete the fix I downloaded patch-o-matic-ng and the iptables source from netfilter.org: cd /usr/src svn co https://svn.netfilter.org/netfilter/trunk/patch-o-matic-ng svn co https://svn.netfilter.org/netfilter/trunk/iptables The documentation on using cvs on netfilter.org is outdated, they've converted to subversion and cvs is no longer available there. cd /usr/src/patch-o-matic-ng ./runme extra Allowed me to select the new iptables targets I wanted. cd /usr/src/linux make menuconfig make make modules_install make install I added the extensions USE flag to my /etc/make.conf, then reran the iptables emerge. It's all working fine now. Thanks to both you and Bryce for the help you gave! Cheers, Dave Andrew Frink wrote on 02/23/06 15:23: Dave to get tarpit support add the extensions USE flag when you emerge iptables cynyr I was reading about the TARPIT target in the man iptables documentation, and thought I'd like to give it a try. Unfortunately though, it seems not to be supported in the 2.6.15-1 Gentoo kernel. Has anyone used the TARPIT target, or know of a way to get it into the current kernel? Any experience with this target or 'gotchas' about it? -- gentoo-user@gentoo.org mailing list
[gentoo-user] TARPIT iptables target
Hi, I was reading about the TARPIT target in the man iptables documentation, and thought I'd like to give it a try. Unfortunately though, it seems not to be supported in the 2.6.15-1 Gentoo kernel. Has anyone used the TARPIT target, or know of a way to get it into the current kernel? Any experience with this target or 'gotchas' about it? Cheers, Dave -- gentoo-user@gentoo.org mailing list
