Date: Fri, 16 Jan 2009 12:00:06 +0200 From: Vlad GALU <dudu@dudu.ro> To: Ivo Vachkov <ivo.vachkov@gmail.com> Cc: freebsd-net@freebsd.org, Alexey Ivanov <need4spam@bk.ru> Subject: Re: TARPIT for pf/ipfw Message-ID: <ad79ad6b0901160200g566d907dm992de2ea752b8734@mail.gmail.com> In-Reply-To: <f85d6aa70901160131l1f387992v71d613a70430e4c0@mail.gmail.com> References: <E1LNksH-000M7S-00.need4spam-bk-ru@f253.mail.ru> <f85d6aa70901160131l1f387992v71d613a70430e4c0@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This particular iptables module keeps the incoming connection up and running, but it sends ACKs advertising a window size of 0 bytes, so that the remote end can't send any data until the local process has decided it's ok to do so. Basically it's used to slow down spammers and worms. On Fri, Jan 16, 2009 at 11:31 AM, Ivo Vachkov <ivo.vachkov@gmail.com> wrote: > what does TARPIT do ? > > On Fri, Jan 16, 2009 at 11:20 AM, Alexey Ivanov <need4spam@bk.ru> wrote: >> Is there any command identical to: >> iptables -A INPUT -p tcp -m tcp -dport 80 -j TARPIT >> >> If no, does anyone ever tried to implement this feature? >> >> _______________________________________________ >> freebsd-net@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-net >> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" >> > > > > -- > "UNIX is basically a simple operating system, but you have to be a > genius to understand the simplicity." Dennis Ritchie > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > -- ~/.signature: no such file or directory
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ad79ad6b0901160200g566d907dm992de2ea752b8734>