I'm a little confused about at which point in the script to add the TARPIT rule to the SPECIAL chain — before or after the INPUT rules that jump to it.
# Create the user-defined chain SPECIAL. The INPUT rules below jump into it,
# so the single TARPIT verdict lives in one place instead of on every rule.
# The chain has to exist before any "-j SPECIAL" rule is added, otherwise
# iptables rejects the jump.
iptables --new-chain SPECIAL
*HERE*?
# Placement A: give SPECIAL its TARPIT verdict before any INPUT rule jumps
# to it. From the first "-j SPECIAL" onwards a matched packet is tarpitted;
# there is no window in which SPECIAL is empty. The TARPIT target comes
# from xtables-addons rather than the base iptables package, so this command
# fails (and with set -e the script stops) if that extension is not loaded.
iptables --append SPECIAL --protocol tcp --jump TARPIT
#
# the following string match rules screen out nimda and other crap
#
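# One rule per probe pattern. The original listing broke each rule across two
# lines with no trailing backslash, so the shell ran "--string ..." as a
# separate command and the first half failed (string match requires
# --string). A loop keeps the patterns byte-identical and the rule order
# unchanged while making every rule a single command.
#
# Caveats a reviewer would want noted:
#  - "-m string" inspects each packet's payload on its own, not the
#    reassembled TCP stream, so a request split across packets may not match.
#  - Matching is case-sensitive; "--icase" is available if mixed-case probes
#    should also be caught.
#  - The rules match on port 80 only; an HTTPS listener is not covered.
for probe_pattern in \
  "/default.ida?" \
  ".exe?/c+dir" \
  ".exe?/c+tftp" \
  "cmd.exe" \
  "vti_bin" \
  "nsiislog.dll" \
  "click-network.com"; do
  iptables -A INPUT -i eth0 -p tcp --dport 80 \
    -m string --algo bm --string "$probe_pattern" -j SPECIAL
done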
*OR HERE?*
# Placement B: add the TARPIT verdict after the INPUT jumps. The final
# ruleset is the same as placement A, but between the first "-j SPECIAL"
# command and this one SPECIAL is empty: a matched packet enters it, reaches
# the end without a verdict, returns to INPUT and continues down INPUT's
# remaining rules (typically accepted by the web-server rule). For a script
# loaded at boot that window is short; for a script re-run on a live box it
# is still a gap, so placement A is the safer order. Either way, confirm in
# the xtables-addons documentation whether tarpitted flows should be kept
# out of connection tracking (raw-table NOTRACK) — that is its usual advice.
iptables --append SPECIAL --protocol tcp --jump TARPIT
Thanks
Eric