Eric wrote:
I'm a little confused about when to add the TARPIT trap.
iptables -N SPECIAL # add special chain for tarpit usage
*HERE*?
iptables -A SPECIAL -p tcp -j TARPIT
#
# the following string match rules screen out nimda and other crap
#
iptables -A INPUT -i eth0 -p tcp --dport 80 -m string --algo bm --string "/default.ida?" -j SPECIAL
iptables -A INPUT -i eth0 -p tcp --dport 80 -m string --algo bm --string ".exe?/c+dir" -j SPECIAL
iptables -A INPUT -i eth0 -p tcp --dport 80 -m string --algo bm --string ".exe?/c+tftp" -j SPECIAL
iptables -A INPUT -i eth0 -p tcp --dport 80 -m string --algo bm --string "cmd.exe" -j SPECIAL
iptables -A INPUT -i eth0 -p tcp --dport 80 -m string --algo bm --string "vti_bin" -j SPECIAL
iptables -A INPUT -i eth0 -p tcp --dport 80 -m string --algo bm --string "nsiislog.dll" -j SPECIAL
iptables -A INPUT -i eth0 -p tcp --dport 80 -m string --algo bm --string "click-network.com" -j SPECIAL
*OR HERE?*
iptables -A SPECIAL -p tcp -j TARPIT
Thanks
Eric
And again ... why do you need all this, when you're running Linux and
those are of no harm in any way to your system?
Or are you with those guys trying to complicate their lives every single day?