> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Mike Galvez > Sent: Wednesday, September 08, 2004 7:55 AM > To: Ted Mittelstaedt > > > > If you successfully erect a network block, the cracker's software > > will just go to the next IP in the sequence to attack. Your actually > > doing more damage to the cracker's distributed network by your SSH > > server patiently saying no, no, no, no, no, no, etc. for 20-50 thousand > > times, because that ties the cracked PC up for a lot longer just working > > away at your system. > > This is why I was curious about tar-pitting. The attacker is banging away > at common user accounts every 3 to 5 seconds sometimes more than > a thousand > times. A tar pit or something like it could slow the attack to maybe four > attempts in an hour as opposed to a thousand. >
No it won't because the attackers know they are unloved, and they use scanning software that will abandon the attempt after a settable timeout. Try running Nessus sometime against a tarpitted IP. Tarpits were fine against extremely unsophisticated software but the war has moved on. Ted _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"