[Dshield] Re: picnicking under flypaper

Chris Johnson Kris_Johnson at yahoo.com
Thu Mar 14 05:25:40 GMT 2002


>
>I'm working with Tom to see whether LaBrea can be installed on the
>bastion host as a TCP server rather than on a standalone tarpit box as a
>virtual host. I'd rather run it on my outer firewall and redirect scans
>to it, and not let the traffic onto my boundary network at all...

I investigated setting up a tar pit on my private little PC, but not only 
does LaBrea not work over PPP, but Zone Alarm already places unused ports 
in a "stealth" mode -- meaning that a port scan returns *nothing*, as if 
the machine doesn't exist.  This, it turns out, takes substantially longer 
to resolve than a "denied" message and as such slows things down by a 
factor of 10 or more.  Maybe there's a Linux utility that does a similar 
thing.  Personally, I'd rather slow people down by being invisible than 
tempt a DDOS with something like LaBrea.


Chris A. Johnson      http://krisjohn.cjb.net
Kris_Johnson at yahoo.com      Mob: 0412 446 312
http://members.ebay.com.au/aboutme/krishaven/

PGP Key Fingerprint       http://www.pgpi.com
   3254 BC93 9D17 C4D0  21DB E050 B69A 8F2A




More information about the list mailing list