Re: tarpit before or after adding chain?

[Georgi Alexandrov <georgi.alexandrov@xxxxxxxxx>]

Eric wrote:

> I'm a little confused about when to add the TARPIT trap.
>
> iptables -N SPECIAL # add special chain for tarpit usage
>
> *HERE*?
> iptables -A SPECIAL -p tcp -j TARPIT
>
> #
> # the following string match rules screen out nimda and other crap
> #
> iptables -A INPUT -i eth0 -p tcp  --dport 80 -m string --algo bm 
> --string "/default.ida?"     -j SPECIAL
> iptables -A INPUT -i eth0 -p tcp  --dport 80 -m string --algo bm 
> --string ".exe?/c+dir"       -j SPECIAL
> iptables -A INPUT -i eth0 -p tcp  --dport 80 -m string --algo bm 
> --string ".exe?/c+tftp"      -j SPECIAL
> iptables -A INPUT -i eth0 -p tcp  --dport 80 -m string --algo bm 
> --string "cmd.exe"           -j SPECIAL
> iptables -A INPUT -i eth0 -p tcp  --dport 80 -m string --algo bm 
> --string "vti_bin"           -j SPECIAL
> iptables -A INPUT -i eth0 -p tcp  --dport 80 -m string --algo bm 
> --string "nsiislog.dll"      -j SPECIAL
> iptables -A INPUT -i eth0 -p tcp  --dport 80 -m string --algo bm 
> --string "click-network.com" -j SPECIAL
>
> *OR HERE?*
> iptables -A SPECIAL -p tcp -j TARPIT
>
> Thanks
> Eric
And again ... why do you need all this, when you're running linux and 
those are no harm in any way to your system?
Or you are with those guys trying to complex their lifes every single day?