Re: iptables TARPIT



"ElCuervo" <cuervo73@xxxxxxxxxx> (06-06-24 19:09:25):

> I have some iptables POM extensions compiled into my 2.4.32 kernel
> including TARPIT. And, I have crafted some rules to tarpit some
> persistent IPs. But, this only works for TCP traffic. How does one
> slow down the pervasive unwanted UDP and ICMP traffic?

By not replying at all. Those protocols are not connection-oriented, so
you couldn't freeze scanners much, anyway. By the way, don't forget
that each frozen TARPIT connection actually uses resources on your
system. I don't think that it allows DoS attacks, but for older
systems, this may be a stability problem. I wouldn't use it for now,
and instead just keep DROP-ing unwanted packets. There is some reason
for the TARPIT target not to be in the stable releases.


Regards,
E.S.
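As an added illustration of the advice above (not a ruleset from either poster), the script below emits an iptables-restore fragment that sends TCP from a set of persistent hosts to TARPIT and silently DROPs their UDP and ICMP. It assumes a kernel with the POM TARPIT target, as the original poster has; the PERSISTENT chain name and the two blocklist addresses are constructed for the example.

```shell
#!/bin/sh
# Added example: generate (not apply) an iptables-restore fragment.
# Assumes the POM TARPIT target is available. Review the output, then
# pipe it into iptables-restore.

# Constructed sample blocklist (documentation addresses); replace with
# the persistent hosts you actually want to handle.
BLOCKLIST="192.0.2.10 198.51.100.7"

# TCP is connection-oriented, so TARPIT can hold the scanner's handshake
# open. UDP and ICMP have no connection to hold, and any reply would only
# confirm the host is alive, so those are simply dropped.
build_rules() {
    printf '*filter\n'
    printf ':INPUT ACCEPT [0:0]\n'
    printf ':PERSISTENT - [0:0]\n'
    for ip in $BLOCKLIST; do
        printf -- '-A INPUT -s %s -j PERSISTENT\n' "$ip"
    done
    # All TCP segments (not only SYNs) must reach TARPIT so it can keep
    # answering with a zero window for the life of the connection.
    printf -- '-A PERSISTENT -p tcp -j TARPIT\n'
    printf -- '-A PERSISTENT -p udp -j DROP\n'
    printf -- '-A PERSISTENT -p icmp -j DROP\n'
    # Anything else from these hosts is dropped as well.
    printf -- '-A PERSISTENT -j DROP\n'
    printf 'COMMIT\n'
}

# Sanity check: only one rule may reference TARPIT, and it is the TCP one,
# so no non-TCP traffic can ever hit the target.
tarpit_rule_count() {
    build_rules | grep -c -- '-j TARPIT'
}

# Print the ruleset when invoked with --print; otherwise only define
# the functions so the file can be sourced.
if [ "${1:-}" = "--print" ]; then
    build_rules
fi
```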