Re: lug-bg: Strange attack
- Subject: Re: lug-bg: Strange attack
- From: Pavel Pyuter <pavel@xxxxxxxxxxx>
- Date: Mon, 5 Apr 2004 21:31:19 +0300
- Organization: unix-bg.org
On Thu, 1 Apr 2004 23:00:59 +0300
raptor wrote:
> Well, he probably means (if this is about IP) that you set up
> a machine with many addresses, say a class C, which returns its response
> after as much time as possible (max timeout). That way
> the machine that is, say, pinging (if we use ICMP as an example)
> has to keep structures (buffers, variables and CPU time)
> for a longer time, so the more pings it sends
> the more loaded it gets... and in this way the attacker becomes
> a victim of his own attack..:")
> Search Google for "LaBrea"
>
>
>
> > On Thursday 01 April 2004 12:36, Vesselin Kolev wrote:
> > > Ah... how come nobody remembered that attacks like this are dampened by
> > > special machines called "black holes"? :)
> > >
> > > Veso
Isn't it better for him to set up the TARPIT target for netfilter?
copy/paste from menuconfig:
"CONFIG_IP_NF_TARGET_TARPIT:

Adds a TARPIT target to iptables, which captures and holds
incoming TCP connections using no local per-connection resources.
Connections are accepted, but immediately switched to the persist
state (0 byte window), in which the remote side stops sending data
and asks to continue every 60-240 seconds. Attempts to close the
connection are ignored, forcing the remote side to time out the
connection in 12-24 minutes.

This offers similar functionality to LaBrea
<http://www.hackbusters.net/LaBrea/> but doesn't require dedicated
hardware or IPs. Any TCP port that you would normally DROP or REJECT
can instead become a tarpit."
As it says, there is no need for a machine with many IPs.
----------
sks.keyserver.penguin.de
X-OpenPGP-KeyID: BCB0C3F4
X-OpenPGP-Fingerprint: A321 95C9 7523 82FD 823D 56D2 C1A6 4A38 BCB0 C3F4
----------
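A simplified model of the behaviour the help text above describes, added here as an example and not taken from the message or from the netfilter source: each reply is built only from the fields of the incoming segment, which is why no per-connection state is needed. The names `mkseg` and `tarpit_reply`, the zero window on every reply, and the sample headers are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { FLAG_FIN = 0x01, FLAG_SYN = 0x02, FLAG_RST = 0x04, FLAG_ACK = 0x10 };

/* Constructed sample input: a 20-byte TCP header (no options, checksum 0). */
void mkseg(uint8_t h[20], uint16_t sport, uint16_t dport,
           uint32_t seq, uint32_t ack, uint8_t flags)
{
    uint16_t sp = htons(sport), dp = htons(dport);
    uint32_t s = htonl(seq), a = htonl(ack);
    memset(h, 0, 20);
    memcpy(h, &sp, 2);    memcpy(h + 2, &dp, 2);
    memcpy(h + 4, &s, 4); memcpy(h + 8, &a, 4);
    h[12] = 5 << 4; h[13] = flags; h[14] = h[15] = 0xff; /* window 65535 */
}

/* Hypothetical model: returns 1 and fills out[] when a reply is sent,
 * 0 when the segment is ignored. Nothing is stored between calls. */
int tarpit_reply(const uint8_t in[20], uint8_t out[20])
{
    int syn = !!(in[13] & FLAG_SYN), ack = !!(in[13] & FLAG_ACK);
    uint32_t n;
    /* Close attempts (FIN, RST) and anything that is not a plain SYN
     * or a plain ACK get no answer, so the peer has to time out. */
    if ((in[13] & (FLAG_FIN | FLAG_RST)) || syn == ack)
        return 0;
    memset(out, 0, 20);              /* window and checksum fields stay 0 */
    memcpy(out, in + 2, 2); memcpy(out + 2, in, 2);  /* swap the ports */
    memcpy(out + 4, in + 8, 4);      /* our seq = the peer's ack number */
    memcpy(&n, in + 4, 4);
    n = htonl(ntohl(n) + (uint32_t)syn);
    memcpy(out + 8, &n, 4);          /* ack the SYN, never the data */
    out[12] = 5 << 4;
    out[13] = (uint8_t)(FLAG_ACK | (syn ? FLAG_SYN : 0));
    return 1;
}

int main(void)
{   /* Constructed exchange: SYN, ACK, PSH|ACK data, FIN|ACK close attempt. */
    const uint8_t steps[] = { FLAG_SYN, FLAG_ACK, FLAG_ACK | 0x08, FLAG_FIN | FLAG_ACK };
    uint8_t in[20], out[20];
    for (size_t i = 0; i < sizeof steps; i++) {
        mkseg(in, 40000, 23, 1000 + (i > 0), i > 0, steps[i]);
        if (tarpit_reply(in, out))
            printf("in 0x%02x -> reply 0x%02x, window %d\n", steps[i], out[13], out[14] << 8 | out[15]);
        else
            printf("in 0x%02x -> no reply\n", steps[i]);
    }
    return 0;
}
```

The checksum is left at zero because it depends on the IP pseudo-header, which this model does not carry.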