* * * * *

                       Slowly working through a tarpit

Since we have this endless supply of Cobalt RaQs [1] at The Office, I used
one to set up a LaBrea Tarpit system [2]. Playing around with it I noticed
that LaBrea doesn't stop port scans per se, since port scanners tend to do
the TCP (Transmission Control Protocol) handshake then drop the connection,
whereas LeBrea will put a connection on hold indefinitely (assuming the other
side keeps the connection up). It will also (as I ran it) accept connections
on every single TCP port, all 65,536 of them, which is something that doesn't
happen on a real server, so I may have to limit the number of ports LaBrea
responds to.

[1] gopher://gopher.conman.org/0Phlog:2005/04/25.2
[2] gopher://gopher.conman.org/0Phlog:2006/01/02.1

Email author at [email protected]

You are viewing proxied material from gopher.conman.org. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.