On Sat, Feb 02, 2008 at 08:39:56PM +0900, John Summerfield wrote:
>> Whatever their resource pool you slow it down by consuming it w/o
>> consuming any of your's. Good for you and other fellow sysadmins that
>> are attacked at the same time.
>
> Why would the attacker be attacking only one system?

You can only defned your systems, not everyone else's. But you can
spread the word on how the others can achive the same level of
security as you have.

> Finding a tarpit will slow down just one of the processes/threads, and not
> for long unless it's poorly programmed.

The same argument would apply to greylisting and yet, it is the most
effective anti-speam measure ever.

>> If tarpitted you decide when to untar them. If you place a high
>> untarring time like one hour then the attacker has 24 tries per day,
>> not really much to inflict any damage.
>
> If I seriously want to test you, I can aim my entire botnet at you if I
> wish. If you think you're allowing me 24 attempts in a day, and I'm aiming
> as few as 100 bots at you, then that gives me 2400 attempts in the day.

2400/day is still very little compared to the same number per second.

>>> We're talking about criminals here, not your average teenage pest.
>>
>> So there is a difference? ;)
>
> I think you will find the criminals more determined, and probably better
> researched.

The above was a joke, and indeed if there are criminal minds in the
game, then they probably will nto randomly attack any site in the
world, but very specific ones. So the tarpitting slowdown will be even
more effective, as they soon run out of hosts to attack.

Anyway, I'm not the inventor of tarpitting, not it's defender or
salesman. I just pointed the OP to read more about tarpitting as this
might solve his problems.
--
Axel.Thimm at ATrpms.net

_______________________________________________
rhelv5-list mailing list
rhelv5-list@(protected)
https://www.redhat.com/mailman/listinfo/rhelv5-list