On Sun, Apr 01, 2007 at 11:49:06AM -0600, darren kirby wrote: > I realize there is a sense of satisfaction from using the TARPIT target that > is appealing, however you must consider: > > 1. These ssh bruteforce attacks are almost certainly coming from a zombie > botnet, and thus there is no human to realize their connection has > been 'stuck'. The zombie will happily freeze for 30 seconds then try again. >
I use a -j DROP for my script that lasts for 1 hour. My experience from two years ago when I wrote that script was that the Bots stops trying after 5 minutes or so. YMMV W -- Willie W. Wong [EMAIL PROTECTED] 408 Fine Hall, Department of Mathematics, Princeton University, Princeton A mathematician's reputation rests on the number of bad proofs he has given. -- [email protected] mailing list
