W dniu 2012-01-20 22:00, Jan Engelhardt pisze:
TARPIT does not have much of a use for random ports without any services
because it is specific to clients sending data. You should use DELUDE at
the end of the chain, also because it does not keep any connections
around like tarpit.
Hello Jan.
Meseems TARPIT is what i need, i'd like to slow down (a little) bots
looking for mssql and other MS specific soft.
I've made quick test, it looks when TARPIT is in chain then size of all
three slabs (kmalloc-512/2048, skbuff_head_cache) slowly grow up.
Without TARPIT its size is almost constant.
It appears on host:
domU, FV, 3.1.8-hardened (i have such situation since some time, with
older kernels too) , x86_64, xtables-addons-1.37 and 1.39.
Other host doesn't suffer such problem:
bare metal, 3.1.5-hardened, i686, xtables-addons-1.37
How can i track down what is the reason of such situation?
Thank you.
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
