TARPIT for pf/ipfw
Vlad GALU
dudu at dudu.ro
Fri Jan 16 02:21:56 PST 2009
This particular iptables module keeps the incoming connection up and
running, but it sends ACKs advertising a window size of 0 bytes, so
that the remote end can't send any data until the local process has
decided it's ok to do so. Basically it's used to slow down spammers
and worms.
On Fri, Jan 16, 2009 at 11:31 AM, Ivo Vachkov <ivo.vachkov at gmail.com> wrote:
> what does TARPIT do ?
>
> On Fri, Jan 16, 2009 at 11:20 AM, Alexey Ivanov <need4spam at bk.ru> wrote:
>> Is there any command identical to:
>> iptables -A INPUT -p tcp -m tcp -dport 80 -j TARPIT
>>
>> If no, does anyone ever tried to implement this feature?
>>
>> _______________________________________________
>> freebsd-net at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-net
>> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>>
>
>
>
> --
> "UNIX is basically a simple operating system, but you have to be a
> genius to understand the simplicity." Dennis Ritchie
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>
--
~/.signature: no such file or directory
More information about the freebsd-net
mailing list