LaBrea Tarpit

November 19th, 2007

I finally got around to testing out LaBrea last night. It works as described, though I didn't test it out too extensively. I ran it on a Debian machine, and had it listen on two different IPs. Nmap didn't seem to have much trouble with it, but trying to access that virtual IP with ssh or a web client would result in an incredibly long timeout. That is very interesting.

I got to thinking whether it really was a useful mechanism though. Would a well-designed firewall ruleset do the trick? It might be more useful if you have a ton of IP addresses which can be used as a tarpit, but in my case, where I only have a few, it might not make sense.


