rich...@buzzhost.co.uk wrote: > On Thu, 2009-11-26 at 08:57 +0100, Per Jessen wrote: >> rich...@buzzhost.co.uk wrote: >> >> > On Wed, 2009-11-25 at 14:04 -0500, Alex wrote: >> >> > iptables -A FIREWALL -s 127.0.0.0/8 -j DROP >> >> >> >> Nah, use REJECT so you get that immediate satisfaction :-) >> >> >> >> Alex >> > >> > NO NO NO NO NO! >> > Drop has the effect of tarpitting them :-) >> >> Not quite, tarpitting is the next step. >> >> >> /Per Jessen, Zürich >> > Hence 'The effect', that is - to delay progress. They send SYN, no > answer (but they wait for the answer) hence, has the effect.
Very true - I was thinking more in terms of the iptables tarpit module. I think there is a postgrey tarpit extension too. /Per Jessen, Zürich
