On Tue, 1 Jan 2008, mouss wrote: > John D. Hardin wrote: > > On Mon, 31 Dec 2007, Mike Cisar wrote: > > > > > >> Even tried yanking the IP address off of the server over the > >> holidays in the hope that whatever it was would just give up. No > >> such luck, within a minute of reactivating the IP to the server > >> this morning the traffic was back to full flow. > > > > Tarpit 'em. > > > > http://sourceforge.net/projects/labrea > > Tarpitting may not be the right answer, because "they" have a lot > more resources than us
I may have misunderstood what Mike was saying in his original post - I thought that the traffic was originating from a single IP and that was what he had firewalled. Later messages indicate he's being flooded by a botnet and he'd firewalled his local IP, so tarpitting is obviously a less attractive solution - but, consider: if a few thousand bots get snared in his tarpit, are they blocked from spamming others for as long as they are snared? A tarpit is as much a community defense as it is a personal defense. Agreed, a DNSBL using the zen list is a better way to defend against a spambot network. -- John Hardin KA7OHZ http://www.impsec.org/~jhardin/ [EMAIL PROTECTED] FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 ----------------------------------------------------------------------- W-w-w-w-w-where did he learn to n-n-negotiate like that? ----------------------------------------------------------------------- 144 days until the Mars Phoenix lander arrives at Mars
