On Thu, 21 Oct 2004, martin f krafft wrote:
> the real tarpit effect actually establishes a connection, not just DROP it. so no, iptables would not give a real tarpit effect.
I *think* there is a patch to netfilter in patch-o-matic which does add real tarpit support as a target, whereby indeed the connection is established and held. It is not included in the standard netfilter Debian package build, though.
> the question is when these rules are removed though...
yes, that's a problem. I did not check, but there was also an experimental netfilter patch floating around to add expiration timers to iptables rules. I don't know the status of this one, but it would solve this problem (and other similar ones) very nicely. I will try and check next week on the official netfilter web site, when I get some spare time.
bye
Giacomo

-- 
Giacomo Mulas <[EMAIL PROTECTED]>
OSSERVATORIO ASTRONOMICO DI CAGLIARI
Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA)
Tel. (OAC): +39 070 71180 248
Fax: +39 070 71180 222
Tel. (UNICA): +39 070 675 4916

"When the storms are raging around you, stay right where you are"
(Freddie Mercury)

