[rescue] A perverse thought (SGI security division)
Caleb Shay
caleb at webninja.com
Thu Mar 11 15:46:43 CST 2004
On 2004-03-11 16:35:39 -0500 Sheldon T. Hall <shel at cmhcsys.com> wrote:
> Caleb Shay suggests ...
>
<snip "nasty tarpit method to deal with portscanners">
>
> Yeah, I like that even better!
>
> I just have to get a better firewall than a "DSL router" to implement
> that sort of thing!
>
Well, I know many people swear by OpenBSD for their firewalls. I'm
sure it's good, but I figure any firewall I set up with OpenBSD is
going to be less secure than one I set up with Linux since I know
Linux and I don't know OpenBSD.
If you want to go the Linux route, here's info on setting up tarpit
rules (among other fun things) for Linux iptables firewalls:
http://www.linuxjournal.com/article.php?sid=7180
The executive summary would be:
iptables -A INPUT -p tcp -m tcp -s ${BADIP} -j TARPIT
Cheers,
Caleb
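
Added example (not part of Caleb's message): a shell script that expands the one-line rule above over a list of source addresses, validating each value before it is interpolated into the command and printing the rules for review instead of applying them. The allowlist, the sample addresses and the function names are constructed for illustration, and it assumes an iptables build in which the TARPIT target is available.

```shell
# Addresses that must never be tarpitted (constructed sample values).
ALLOWLIST="192.0.2.1 127.0.0.1"

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# tarpit_rules: one address per line on stdin; prints a rule for each valid,
# non-allowlisted, not-yet-seen address and reports rejects on stderr.
tarpit_rules() {
    seen=" "
    while IFS= read -r BADIP || [ -n "$BADIP" ]; do
        [ -n "$BADIP" ] || continue
        if ! is_ipv4 "$BADIP"; then
            printf 'skipped (not an IPv4 address): %s\n' "$BADIP" >&2
            continue
        fi
        case " $ALLOWLIST " in *" $BADIP "*)
            printf 'skipped (allowlisted): %s\n' "$BADIP" >&2; continue ;;
        esac
        case "$seen" in *" $BADIP "*) continue ;; esac
        seen="$seen$BADIP "
        printf 'iptables -A INPUT -p tcp -m tcp -s %s -j TARPIT\n' "$BADIP"
    done
}

# Constructed input: two scanners, a duplicate, an allowlisted host, and a
# line that tries to smuggle extra iptables options.
sample_input() {
    cat <<'EOF'
198.51.100.23
203.0.113.7
198.51.100.23
192.0.2.1
0.0.0.0/0 -j ACCEPT
EOF
}

sample_input | tarpit_rules   # prints the rules for review; nothing is applied
```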