> >If a module like this existed it would be a great way to violate the
> >protocol and cause antisocial behaviour of your tcp stack.
>
> Yes, I agree, but in any case there would be more efficient ways to
> cause antisocial behaviour. In fact, in the beginning, my idea was to
> return a RST,ACK for each SYN received on one of my closed ports, in
> order to make a scan tool believe that they are all open. (Perhaps it
> is useless, but I found the idea amusing.)

Maybe TARPIT is what you need?

  Adds a TARPIT target to iptables, which captures and holds incoming TCP
  connections using no local per-connection resources. Connections are
  accepted, but immediately switched to the persist state (0 byte window),
  in which the remote side stops sending data and asks to continue every
  60-240 seconds. Attempts to close the connection are ignored, forcing
  the remote side to time out the connection in 12-24 minutes.

-- 
Damjan Georgievski
jabberID: damjan@xxxxxxxxxxxx
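As an added example (not code from Damjan's message, from the quoted TARPIT description, or from the netfilter project), here is a small POSIX sh script that turns the behaviour described above into iptables rules for a list of decoy ports. It assumes the xtables-addons TARPIT target (module xt_TARPIT; the patch-o-matic version was called ipt_TARPIT) and an iptables that has the raw table with the NOTRACK target; the function names valid_ports, tarpit_rules and apply_tarpit_rules are this example's own.

```shell
#!/bin/sh
# Added example, not the netfilter project's own code. Generates and
# optionally applies iptables rules that hand a list of decoy TCP ports to
# the TARPIT target. Assumes: xtables-addons TARPIT (xt_TARPIT, or the older
# ipt_TARPIT) and an iptables with the raw table and the NOTRACK target.
# The function names below are hypothetical, chosen for this example.

# Accept only a non-empty, comma-separated list of integers in 1..65535,
# so a typo never produces a rule that fails to load or matches nothing.
valid_ports() {
    [ -n "$1" ] || return 1
    case $1 in ,*|*,) return 1 ;; esac      # leading/trailing comma
    old_ifs=$IFS
    IFS=,
    for p in $1; do
        case $p in
            ''|*[!0-9]*) IFS=$old_ifs; return 1 ;;   # empty field or non-digit
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            IFS=$old_ifs
            return 1
        fi
    done
    IFS=$old_ifs
    return 0
}

# Print (do not run) the rules for the given decoy ports. Two points that
# matter for TARPIT specifically:
#  * match every TCP packet to the port, not only --syn: the target must
#    also answer the peer's later persist probes and ignore its FIN/RST,
#    or the connection would not stay stuck for the 12-24 minutes described;
#  * mark the flow NOTRACK in the raw table first, so a tarpitted
#    connection does not cost a conntrack entry. Otherwise a flood of such
#    connections consumes local state, which TARPIT is meant to avoid.
# List only ports on which nothing legitimate listens: a packet matched by
# TARPIT is answered by the target and never reaches a local socket.
tarpit_rules() {
    decoys="$1"
    valid_ports "$decoys" || return 1
    printf '%s\n' \
        "iptables -t raw -A PREROUTING -p tcp -m multiport --dports $decoys -j NOTRACK" \
        "iptables -A INPUT -p tcp -m multiport --dports $decoys -j TARPIT"
}

# Apply the rules (as root), but only if the TARPIT module can be loaded;
# a missing target would otherwise leave a half-applied rule set.
apply_tarpit_rules() {
    modprobe xt_TARPIT 2>/dev/null || modprobe ipt_TARPIT 2>/dev/null || {
        echo "TARPIT target not available (xtables-addons not installed?)" >&2
        return 1
    }
    tarpit_rules "$1" | sh -e
}

# Usage:
#   tarpit_rules "23,135,445"         # review the rules first
#   apply_tarpit_rules "23,135,445"   # install them (root required)
```

Review the output of tarpit_rules before applying it: if a real service port ends up in the list, TARPIT answers the SYN with a zero window and the service never sees the connection. For the scanner-fooling goal in the quoted message, note that TARPIT does complete the handshake, so a SYN scan reports the decoy ports as open.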