>On 25 Mar 2004, James Craig Burley wrote:
>
>> Basically true, but that's only one aspect of tarpitting. Since the
>> spammer has to keep open an available port, that's one less port he
>> can use from any given IP address (using vanilla port management) to
>> blast out his spam.
>
>No. That's one less port he can use to connect to you (on any given
>destination port). He can still use the same source port to connect to
>others. TCP connections are four-tuples.

Should I not trust O'Reilly's "TCP/IP Network Administration", by Craig
Hunt, Second Edition, page 46, where it says, among other things
consistent with this,

    It is the pair of port numbers, source and destination, that
    uniquely identifies each network connection.

or do you think it is just simplifying things for the benefit of its
audience?

Of course, a source port could be multiplexed by the originating system
such that it is "subkeyed" by the IP address and port number of packets
being sent back to it. That would require any API or OS interface used
to dynamically allocate such source ports to provide a means for the
caller to specify the destination IP address and port number.

Since I was under the impression that this is not normal behavior, I
used the phrase "vanilla port management". Further, my Fedora Core 1
system does not appear to reuse dynamic port numbers when I open telnet
sessions to distinct hosts.

But I could be wrong.

--
James Craig Burley
Software Craftsperson
<http://www.jcb-sc.com>
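
The source-port question in this exchange can be checked on a live TCP stack. The following is an added example, not part of the original message: it binds two client sockets to the same explicitly chosen source port and connects them to two different destinations, then tries to repeat one destination. It assumes Linux socket semantics for SO_REUSEADDR; the loopback listeners and all function names are constructed for the illustration.

```python
import socket

def listener():
    """Constructed local stand-in for a remote server (OS-chosen port)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    s.listen(5)
    return s

def connect_from(src_port, dest):
    """Connect to dest from an explicitly bound source port (0 = let the OS pick)."""
    c = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # SO_REUSEADDR lets several non-listening sockets bind the same local port.
    c.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    c.settimeout(5)
    try:
        c.bind(("127.0.0.1", src_port))
        c.connect(dest)
    except OSError:
        c.close()
        raise
    return c

def shared_source_port_demo():
    """Return the two connection tuples and whether a duplicate tuple was refused."""
    a, b = listener(), listener()
    first = connect_from(0, a.getsockname())
    src_port = first.getsockname()[1]
    # Same source address and port, different destination: a distinct connection.
    second = connect_from(src_port, b.getsockname())
    # Same source AND same destination as `first`: the tuple already exists.
    try:
        dup = connect_from(src_port, a.getsockname())
        dup.close()
        duplicate_rejected = False
    except OSError:
        duplicate_rejected = True
    # (src_ip, src_port, dst_ip, dst_port) for each established connection
    tuples = [c.getsockname() + c.getpeername() for c in (first, second)]
    for s in (first, second, a, b):
        s.close()
    return tuples, duplicate_rejected

if __name__ == "__main__":
    conns, rejected = shared_source_port_demo()
    for t in conns:
        print("src %s:%d -> dst %s:%d" % t)
    print("duplicate four-tuple rejected:", rejected)
```

Here the two destinations differ by port on one loopback address; a different destination IP address distinguishes the connections in the same way.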
