From owner-freebsd-net@FreeBSD.ORG  Fri Jan 16 10:21:55 2009
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id EBC3F1065670
	for <freebsd-net@freebsd.org>; Fri, 16 Jan 2009 10:21:55 +0000 (UTC)
	(envelope-from dudu@dudu.ro)
Received: from rn-out-0910.google.com (rn-out-0910.google.com [64.233.170.190])
	by mx1.freebsd.org (Postfix) with ESMTP id B60668FC25
	for <freebsd-net@freebsd.org>; Fri, 16 Jan 2009 10:21:55 +0000 (UTC)
	(envelope-from dudu@dudu.ro)
Received: by rn-out-0910.google.com with SMTP id j71so1625389rne.12
	for <freebsd-net@freebsd.org>; Fri, 16 Jan 2009 02:21:55 -0800 (PST)
MIME-Version: 1.0
Received: by 10.150.51.2 with SMTP id y2mr5829257yby.138.1232100006374; Fri, 
	16 Jan 2009 02:00:06 -0800 (PST)
In-Reply-To: <f85d6aa70901160131l1f387992v71d613a70430e4c0@mail.gmail.com>
References: <E1LNksH-000M7S-00.need4spam-bk-ru@f253.mail.ru>
	<f85d6aa70901160131l1f387992v71d613a70430e4c0@mail.gmail.com>
Date: Fri, 16 Jan 2009 12:00:06 +0200
Message-ID: <ad79ad6b0901160200g566d907dm992de2ea752b8734@mail.gmail.com>
From: Vlad GALU <dudu@dudu.ro>
To: Ivo Vachkov <ivo.vachkov@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: freebsd-net@freebsd.org, Alexey Ivanov <need4spam@bk.ru>
Subject: Re: TARPIT for pf/ipfw
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Jan 2009 10:21:56 -0000

This particular iptables module keeps the incoming connection up and
running, but it sends ACKs advertising a window size of 0 bytes, so
that the remote end can't send any data until the local process has
decided it's ok to do so. Basically it's used to slow down spammers
and worms.

On Fri, Jan 16, 2009 at 11:31 AM, Ivo Vachkov <ivo.vachkov@gmail.com> wrote:
> what does TARPIT do ?
>
> On Fri, Jan 16, 2009 at 11:20 AM, Alexey Ivanov <need4spam@bk.ru> wrote:
>> Is there any command identical to:
>>        iptables -A INPUT -p tcp -m tcp -dport 80 -j TARPIT
>>
>> If no, does anyone ever tried to implement this feature?
>>
>> _______________________________________________
>> freebsd-net@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-net
>> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>>
>
>
>
> --
> "UNIX is basically a simple operating system, but you have to be a
> genius to understand the simplicity." Dennis Ritchie
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>



-- 
~/.signature: no such file or directory