path: root/extensions/libipt_TARPIT.man
Diffstat (limited to 'extensions/libipt_TARPIT.man')
-rw-r--r--  extensions/libipt_TARPIT.man  34
1 files changed, 0 insertions, 34 deletions
diff --git a/extensions/libipt_TARPIT.man b/extensions/libipt_TARPIT.man
deleted file mode 100644
index 26526b7..0000000
--- a/extensions/libipt_TARPIT.man
+++ /dev/null
@@ -1,34 +0,0 @@
-Captures and holds incoming TCP connections using no local
-per-connection resources. Connections are accepted, but immediately
-switched to the persist state (0 byte window), in which the remote
-side stops sending data and asks to continue every 60-240 seconds.
-Attempts to close the connection are ignored, forcing the remote side
-to time out the connection in 12-24 minutes.
-
-This offers similar functionality to LaBrea
-<http://www.hackbusters.net/LaBrea/> but doesn't require dedicated
-hardware or IPs. Any TCP port that you would normally DROP or REJECT
-can instead become a tarpit.
-
-To tarpit connections to TCP port 80 destined for the current machine:
-.IP
-iptables -A INPUT -p tcp -m tcp --dport 80 -j TARPIT
-.P
-To significantly slow down Code Red/Nimda-style scans of unused address
-space, forward unused ip addresses to a Linux box not acting as a router
-(e.g. "ip route 10.0.0.0 255.0.0.0 ip.of.linux.box" on a Cisco), enable IP
-forwarding on the Linux box, and add:
-.IP
-iptables -A FORWARD -p tcp -j TARPIT
-.IP
-iptables -A FORWARD -j DROP
-.TP
-NOTE:
-If you use the conntrack module while you are using TARPIT, you should
-also use the NOTRACK target, or the kernel will unnecessarily allocate
-resources for each TARPITted connection. To TARPIT incoming
-connections to the standard IRC port while using conntrack, you could:
-.IP
-iptables -t raw -A PREROUTING -p tcp --dport 6667 -j NOTRACK
-.IP
-iptables -A INPUT -p tcp --dport 6667 -j TARPIT
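Review bot: this hunk removes the only place that documents the conntrack interaction (the NOTE block ending in `iptables -t raw -A PREROUTING -p tcp --dport 6667 -j NOTRACK` / `iptables -A INPUT -p tcp --dport 6667 -j TARPIT`), and the diffstat shows no replacement file, so if the target is being renamed or relocated the man page should be moved with it rather than deleted, and at minimum that caveat should be carried into whatever documents TARPIT next: without a NOTRACK rule, a user who loads conntrack will allocate tracking state for every tarpitted connection, which defeats the stated purpose of the target. While it is being moved, the opening sentence ("using no local per-connection resources") should be qualified to say this holds only when the connections are not tracked, since the page currently contradicts itself between the first paragraph and the NOTE.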