On 6 Mar 2005, at 04:06, Bob wrote:
Would this mean any change for pperling plugins?
It shouldn't do.
I'd like to have qpsmtpd and gatling and tinydns running faster than wire speed, beat the ddossing maggots that way.
Not sure how you have things running faster than wire speed, but whatever floats your boat :-)
Could you fork off a tarpit, qpsmtpd DONE, and forget it? I want to tarpit policy/dictionary scans, distract their eyes, retard their address gathering, make them reveal more IP's. Don't mean to digress but you said you're honeypotting.
Tarpitting is trivial with this setup - no need to fork off and forget it because extra connections don't use up any more CPU/memory, so you just keep hold of the connection and tarpit for as long as you want.
[Though I do need to write a tarpit module to do this, but it's like 20 lines of code]
Matt.
