RE: [CentOS] Re: Email dictionary attacks and firewall

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

-----Original Message-----
>>Better would be a rule to forward their connection to a honeypot / tarpit
box that would do what 
>>you want ... tie up their connection for a while.

You don't have to have it forward to a separate box for the tarpit to work.
Tarpit rules can be placed into the firewall so that any packets from a
particular host (or network) get tarpitted, while allowing everyone else's
to come through to the listening daemon. You just have to give it a specific
source and port. The following would tarpit port 25 (TCP) for the IP address
99.99.99.99, while allowing everyone else through to the listening SMTP
daemon:

iptables -I INPUT -s 99.99.99.99 -p tcp --dport 25 -j TARPIT

So it's just a matter of adding rules per each host that causes a problem.

--
Take care,
Randall


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux