Want to use a network tarpit? It’s so easy to set up! Thanks to jpds for this whole post. :)
sudo module-assistant auto-install xtables-addons-source
sudo iptables -p tcp ... -j TARPIT
Though no such thing exists for IPv6 yet.
Here it is watching over the SSH port:
iptables -N INGRESS-SSH
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j INGRESS-SSH
iptables -A INGRESS-SSH -p tcp --dport 22 -m state --state NEW -m recent --name SSH --set
iptables -A INGRESS-SSH -p tcp --dport 22 -m state --state NEW -m recent --name SSH --update --rttl --seconds 60 --hitcount 4 -j LOG --log-prefix "[INGRESS SSH TARPIT] "
iptables -A INGRESS-SSH -p tcp --dport 22 -m state --state NEW -m recent --name SSH --rcheck --rttl --seconds 60 --hitcount 4 -j TARPIT
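To see which sources the rules above are catching, the kernel log can be summarised by the --log-prefix they set. This is an added example, not part of the original post; the log lines are constructed samples and the function names sample_log and tarpit_summary are hypothetical.

```shell
#!/bin/sh
# Count tarpitted SSH connection attempts per source address, keyed on the
# "[INGRESS SSH TARPIT] " prefix written by the LOG rule above.

# Constructed sample kernel log lines (documentation address ranges only).
sample_log() {
cat <<'EOF'
Jan  1 00:00:01 host kernel: [INGRESS SSH TARPIT] IN=eth0 OUT= MAC=00:00:00:00:00:01 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Jan  1 00:00:03 host kernel: [INGRESS SSH TARPIT] IN=eth0 OUT= MAC=00:00:00:00:00:01 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=2 DF PROTO=TCP SPT=51236 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Jan  1 00:00:04 host kernel: [SOME OTHER RULE] IN=eth0 OUT= MAC=00:00:00:00:00:01 SRC=192.0.2.99 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=3 DF PROTO=TCP SPT=40000 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Jan  1 00:00:09 host kernel: [INGRESS SSH TARPIT] IN=eth0 OUT= MAC=00:00:00:00:00:01 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=4 DF PROTO=TCP SPT=33000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Jan  1 00:00:12 host kernel: [INGRESS SSH TARPIT] IN=eth0 OUT= MAC=00:00:00:00:00:01 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=5 DF PROTO=TCP SPT=51240 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
EOF
}

# Read log lines on stdin; print "<hits> <source address>", busiest first.
tarpit_summary() {
    awk '
        # Only lines written by the tarpit LOG rule are counted.
        index($0, "[INGRESS SSH TARPIT] ") {
            src = ""
            for (i = 1; i <= NF; i++)
                if ($i ~ /^SRC=/) { src = substr($i, 5); break }
            if (src != "") hits[src]++
        }
        END { for (s in hits) printf "%d %s\n", hits[s], s }
    ' | sort -k1,1nr -k2,2
}

sample_log | tarpit_summary
```

On a live system, feed it the kernel log instead of sample_log, for example from whichever file your syslog daemon writes kernel messages to.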
© 2010, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 License.