> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Mike Galvez
> Sent: Wednesday, September 08, 2004 7:55 AM
> To: Ted Mittelstaedt
> >
> > If you successfully erect a network block, the cracker's software
> > will just go to the next IP in the sequence to attack.  Your actually
> > doing more damage to the cracker's distributed network by your SSH
> > server patiently saying no, no, no, no, no, no, etc. for 20-50 thousand
> > times, because that ties the cracked PC up for a lot longer just working
> > away at your system.
>
> This is why I was curious about tar-pitting. The attacker is banging away
> at common user accounts every 3 to 5 seconds sometimes more than
> a thousand
> times. A tar pit or something like it could slow the attack to maybe four
> attempts in an hour as opposed to a thousand.
>

No it won't because the attackers know they are unloved, and they use
scanning
software that will abandon the attempt after a settable timeout.

Try running Nessus sometime against a tarpitted IP.  Tarpits were fine
against
extremely unsophisticated software but the war has moved on.

Ted

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to