Check out the Patch-o-matic enhancements to netfilter. TARPIT? Check.
David Nicol wrote:
Charlie Braddy wrote, on the qpsmtpd list, which is about a perl drop-in replacement for qmail-smtpd:
If you are going to undertake the noble task of sucking up their bandwidth, then I'd suggest that you do the job thoroughly, and make sure that their TCP stack decides to retransmit as many packets as possible. Use iptables (for instance) to selectively/randomly drop packets.
That's brilliant! does iptables have a TARPIT target that causes the peer to retransmit as much as possible? Can we add one?
CC to netfilter@xxxxxxxxxxxxxxxxxxx, the iptables discussion list.
