Re: Tarpits are fun!

2006-12-12 Thread Ray Anderson

Nicely done!

John D. Hardin wrote:

{snicker!}

Dec 12 09:48:03 ga : Initial Connect - tarpitting: 124.240.124.222 60241 -> x.x.x.x 25
Dec 12 09:44:20 ga : Initial Connect - tarpitting: 124.240.124.222 53486 -> x.x.x.x 25 *
Dec 12 12:16:30 ga : Initial Connect - tarpitting: 124.240.124.222 14526 -> x.x.x.x 25 *
...
Dec 12 16:08:06 ga : Persist Activity: 124.240.124.222 53486 -> x.x.x.x 25
Dec 12 16:09:04 ga : Persist Activity: 124.240.124.222 60241 -> x.x.x.x 25 *
Dec 12 16:11:19 ga : Persist Activity: 124.240.124.222 14526 -> x.x.x.x 25
Dec 12 16:12:07 ga : Persist Activity: 124.240.124.222 53486 -> x.x.x.x 25 *
Dec 12 16:13:05 ga : Persist Activity: 124.240.124.222 60241 -> x.x.x.x 25
Dec 12 16:16:08 ga : Persist Activity: 124.240.124.222 53486 -> x.x.x.x 25 *
Dec 12 16:17:05 ga : Persist Activity: 124.240.124.222 60241 -> x.x.x.x 25
Dec 12 16:19:20 ga : Persist Activity: 124.240.124.222 14526 -> x.x.x.x 25 *

Three spambot threads stuck for *hours*!

--
 John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]    FALaholic #11174    pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  The question of whether people should be allowed to harm themselves
  is simple. They *must*.   -- Charles Murray
---
 3 days until Bill of Rights day


  


RE: Tarpits are fun!

2006-12-12 Thread R Lists06

> Dec 12 12:16:30 ga : Initial Connect - tarpitting: 124.240.124.222 14526 -> x.x.x.x 25 *
snip
> Dec 12 16:19:20 ga : Persist Activity: 124.240.124.222 14526 -> x.x.x.x 25 *
> 
> Three spambot threads stuck for *hours*!
> 
> --
>  John Hardin KA7OHZ    http://www.impsec.org/~jhardin/

How are you implementing this?

 - rh

--
Robert - Abba Communications
   Computer & Internet Services
 (509) 624-7159 - www.abbacomm.net



RE: Tarpits are fun!

2006-12-12 Thread John D. Hardin
On Tue, 12 Dec 2006, R Lists06 wrote:

> > Three spambot threads stuck for *hours*!
> 
> How are you implementing this?

http://www.impsec.org/~jhardin/antispam/spammer-firewall

plus labrea with patches I worked up this weekend:

http://sourceforge.net/projects/labrea

http://sourceforge.net/tracker/index.php?func=detail&aid=1612818&group_id=70896&atid=529395

It should be pretty trivial for the spambot makers to modify their
code to disconnect immediately from servers with "tarpit" or
"teergrube" in the greeting banner, so you'll probably want to
customize the banner labrea uses if you decide to do this.

'course, if they do that then we can all put something like "no tarpit"
in our MTA greeting banners to make the spambots go away... :)

I still need to figure out why labrea is only accepting a
1000-character-ish BPF filter when the buffer is 65K in size.

--
 John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]    FALaholic #11174    pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  The fetters imposed on liberty at home have ever been forged out
  of the weapons provided for defense against real, pretended, or
  imaginary dangers from abroad.   -- James Madison, 1799
---
 3 days until Bill of Rights day




RE: Tarpits are fun!

2006-12-14 Thread John D. Hardin
On Tue, 12 Dec 2006, John D. Hardin wrote:

> http://www.impsec.org/~jhardin/antispam/spammer-firewall
> 
> plus labrea with patches I worked up this weekend:
> 
> http://sourceforge.net/projects/labrea
> 
> http://sourceforge.net/tracker/index.php?func=detail&aid=1612818&group_id=70896&atid=529395
> 
> I still need to figure out why labrea is only accepting a
> 1000-character-ish BPF filter when the buffer is 65K in size.

Okay, that's fixed too.

--
 John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]    FALaholic #11174    pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  It is not the business of government to make men virtuous or
  religious, or to preserve the fool from the consequences of his own
  folly.  -- Henry George
---
 Tomorrow: Bill of Rights day