tarpit before or after adding chain?
Georgi Alexandrov
georgi.alexandrov at gmail.com
Sat Dec 17 10:13:31 CET 2005
Eric wrote:
> I'm a little confused about when to add the TARPIT trap.
>
> iptables -N SPECIAL # add special chain for tarpit usage
>
> *HERE*?
> iptables -A SPECIAL -p tcp -j TARPIT
>
> #
> # the following string match rules screen out nimda and other crap
> #
> iptables -A INPUT -i eth0 -p tcp --dport 80 -m string --algo bm
> --string "/default.ida?" -j SPECIAL
> iptables -A INPUT -i eth0 -p tcp --dport 80 -m string --algo bm
> --string ".exe?/c+dir" -j SPECIAL
> iptables -A INPUT -i eth0 -p tcp --dport 80 -m string --algo bm
> --string ".exe?/c+tftp" -j SPECIAL
> iptables -A INPUT -i eth0 -p tcp --dport 80 -m string --algo bm
> --string "cmd.exe" -j SPECIAL
> iptables -A INPUT -i eth0 -p tcp --dport 80 -m string --algo bm
> --string "vti_bin" -j SPECIAL
> iptables -A INPUT -i eth0 -p tcp --dport 80 -m string --algo bm
> --string "nsiislog.dll" -j SPECIAL
> iptables -A INPUT -i eth0 -p tcp --dport 80 -m string --algo bm
> --string "click-network.com" -j SPECIAL
>
> *OR HERE?*
> iptables -A SPECIAL -p tcp -j TARPIT
>
> Thanks
> Eric
>
>
And again ... why do you need all this, when you're running linux and
those are no harm in any way to your system?
Or you are with those guys trying to complex their lifes every single day?
More information about the netfilter
mailing list