ssh probing

[V13]

On Thursday 11 June 2009, Nick Demou wrote:
> 2009/6/9 V13 <v13 at v13.gr>:
> > kalitera, na xrisimopoihseis to "-j BLACKHOLE" toy iptables.
>
> τι είναι αυτό - πρώτη φορά το ακούω?

a) Ithela na po 'TARPIT'

b) Ap'oti blepo den synthreitai pleon (aaarg...)

Itan ena target to opoio oloklirone thn TCP syndesh kai sth synexeia kratoyse 
apla th syndesh anoixth xoris na kanei tipota. Apo th meria soy den katanalone 
poroys kai apo thn apenanti perimenan gia panta:

"The concept behind a tarpit is fairly simple. The connections come in, but 
they don't get back out. IPtables handles this by allowing a tarpitted port to 
accept any incoming TCP connection. When data transfer begins to occur, the 
TCP window size is set to zero, so no data can be transferred within the 
session. The connection is then held open, and any requests by the remote side 
to close the session are ignored. This means that the attacker must wait for 
the connection to timeout in order to disconnect. "

Mallon tha prepei na perioristeis sto 'DROP'.

<<V13>>