Hello Florin,

Tarpit is a recent addition to iptables that would be great to see before Alpha becomes Beta.

Rather than just dropping or rejecting a connection request, tarpit opens the connection with a zero byte window, keeping the session open on the remote system for 12 to 24 minutes. Tarpit would take minimal resources on MNF but consumes the associated resources on the remote system.

It would be great to see tarpit added to either the rules or as a list. I'd much rather tarpit the IPs on my blacklist than just drop them. Every single IP on my blacklist has done or attempted some sinister thing to one of my systems to end up there. It should be possible to add tarpit as a function like drop, reject, etc. as long as the kernel is patched for it.

Tarpit would ideally work for all traffic to a single or range of ports, for all traffic from a single or range of IPs, or a combination of both. For example, tarpitting all traffic to port 135 or ports 1024-65535, or tarpitting all traffic from 212.7.x.x/16.

Come to think of it, another thing I think would be great is the ability to tarpit or drop imports of our favorite spam and open relay realtime block lists!

Best regards always and thanks for the great product,
Doug.
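The matching described in the message above (a port or port range, a source address or network, or both), sketched as an added example that is not part of the original message or of MNF. It only prints the iptables commands and assumes the TARPIT target is available; the policy format, function names and addresses (documentation ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example: print (never apply) iptables TARPIT rules from a policy list.
# Assumption: the TARPIT target is available (patched kernel or xtables-addons).
# Policy line format (constructed here): SOURCE PORTS, where "any" = no match.

valid_ports() {   # PORT or LOW-HIGH within 1..65535; sets $lo and $hi
    case "$1" in ''|*[!0-9-]*|-*|*-|*-*-*) return 1 ;; esac
    lo=${1%-*}; hi=${1#*-}
    [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

valid_source() {  # dotted-quad IPv4 with optional /0..32 prefix
    addr=${1%/*}; bits=32
    case "$1" in */*) bits=${1#*/} ;; esac
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac
    case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

tarpit_rules() {  # reads policy lines on stdin, writes one command per valid line
    while read -r src ports rest; do
        case "$src" in ''|'#'*) continue ;; esac
        rule="-A INPUT -p tcp"            # TARPIT only applies to TCP
        if [ "$src" != any ]; then
            valid_source "$src" || { echo "skip: bad source '$src'" >&2; continue; }
            rule="$rule -s $src"
        fi
        if [ "${ports:-any}" != any ]; then
            valid_ports "$ports" || { echo "skip: bad ports '$ports'" >&2; continue; }
            if [ "$lo" = "$hi" ]; then rule="$rule --dport $lo"
            else rule="$rule --dport $lo:$hi"; fi
        fi
        # Refuse a rule with no match at all: it would tarpit every inbound TCP
        # connection, including the administrator's own.
        [ "$rule" = "-A INPUT -p tcp" ] && { echo "skip: matches everything" >&2; continue; }
        echo "iptables $rule -j TARPIT"
    done
}

# Constructed sample policy; the last line is rejected by validation.
tarpit_rules <<'EOF'
any           135
any           1024-65535
192.0.2.0/24  any
198.51.100.7  25
203.0.113.300 any
EOF
```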
