Anyone got TARPIT working on Kernel 2.6.x? POM says it's only for 2.4.x Kernels (and I can't seem to get it working on my stock RH9 machine).

I'd be grateful for any info on this!

Thanks!
-Steve

-----Original Message-----
From: netfilter-admin@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx] On Behalf Of Daniel Chemko
Sent: Thursday, March 25, 2004 11:41 PM
To: David Nicol
Cc: Charlie Brady; qpsmtpd ML; netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Re: General denial question (tarpitting)

Check out the Patch-o-matic enhancements to netfilter. TARPIT? Check.

David Nicol wrote:
> Charlie Brady wrote, on the qpsmtpd list, which is about
> a perl drop-in replacement for qmail-smtpd:
>
>> If you are going to undertake the noble task of sucking up their
>> bandwidth, then I'd suggest that you do the job thoroughly, and make
>> sure that their TCP stack decides to retransmit as many packets as
>> possible. Use iptables (for instance) to selectively/randomly drop
>> packets.
>
> That's brilliant! Does iptables have a TARPIT target that causes
> the peer to retransmit as much as possible? Can we add one?
>
> CC to netfilter@xxxxxxxxxxxxxxxxxxx, the iptables discussion list.