On Mon, 19 Aug 2013 08:36:14 -0700 (PDT) John Hardin <jhar...@impsec.org> wrote:
[...] > In addition, tarpitting is at least partly intended to help *others*, > by getting the attacker stuck before it moves on to the next target. OK; I guess it's just a difference in mindset. I approach the problem with the following assumptions: 1) I assume that no matter how much computing power I have, the attacker has at least an order of magnitude more. 2) I assume that no matter how much bandwidth I have, the attacker has at least an order of magnitude more. These assumptions are not always true (probably not even usually true), but they're certainly true for the worst offenders who send the bulk of spam. They also keep me humble and prevent me from having a false sense of security. > FWIW I also do it for PHP scans and it seems somewhat effective > there. It's *very* effective for MSSQL scanners. How do you measure the effectiveness? Regards, David.
