a big "boo-boo" to all those suckers trying to portscan my systems. the tarpit flypaper works perfectly well, as can be seen on these graphs of packets going to the tarpit.


currently i've got no packet logging on as that does produce a nasty amount of logs, but for simple test purposes tcpdump is fully sufficient: tcpdump -n "tcp[14:2] = 0" shows exactly the zero-window-tarpitted stuff.
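What that filter tests, as an added example (not code from the original post): the same zero-window check in Python, applied to constructed IPv4 packets. The addresses, ports and the `build` helper are assumptions made for illustration; the RST sample shows that any segment with a zero window matches, not only tarpit replies.

```python
import socket
import struct

def zero_window(pkt: bytes) -> bool:
    """True if a raw IPv4 packet would match tcpdump's "tcp[14:2] = 0"."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return False                      # not IPv4
    ihl = (pkt[0] & 0x0F) * 4             # IP header length; options shift the TCP header
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    if ihl < 20 or pkt[9] != 6 or frag_offset != 0:
        return False                      # not TCP, or not the first fragment
    if len(pkt) < ihl + 16:
        return False                      # truncated before the window field
    (window,) = struct.unpack("!H", pkt[ihl + 14:ihl + 16])
    return window == 0

def build(src, dst, flags, window, proto=6, ip_options=b""):
    """Constructed test packet; checksums are left at zero and never checked."""
    ihl_words = 5 + len(ip_options) // 4
    l4 = struct.pack("!HHIIBBHHH", 22, 40000, 0, 0, 5 << 4, flags, window, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0,
                     ihl_words * 4 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + ip_options + l4

SYN_ACK, RST_ACK = 0x12, 0x14
SRC, DST = "192.0.2.10", "198.51.100.7"   # documentation addresses, constructed
SAMPLES = {
    "tarpit syn/ack": build(SRC, DST, SYN_ACK, 0),
    "tarpit syn/ack, ip options": build(SRC, DST, SYN_ACK, 0, ip_options=b"\x01" * 4),
    "normal syn/ack": build(SRC, DST, SYN_ACK, 5840),
    "rst with zero window": build(SRC, DST, RST_ACK, 0),
    "udp": build(SRC, DST, 0, 0, proto=17),
}

def classify(samples=SAMPLES):
    """Map each sample name to whether the filter would show it."""
    return {name: zero_window(pkt) for name, pkt in samples.items()}

if __name__ == "__main__":
    for name, hit in classify().items():
        print(f"{name:28} {'match' if hit else '-'}")
```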

the next thing i'm doing just now is to add the random patch to make these boxes look a little less well connected so that the intake of crap goes down a bit.

[ published on Tue 31.08.2004 01:18 | filed in still-not-king | ]
