The Original Tarpit Idea
Tom Liston developed the original tarpitting program LaBrea. It can protect an entire network with a tarpit run on a single machine.
The machine listens for ARP requests that go unanswered (indicating unused addresses), then replies to those requests, receives the initial SYN packet of the scanner and sends a SYN/ACK in response. It does not open a socket or prepare a connection; in fact, it can forget all about the connection after sending the SYN/ACK. However, the remote site sends its ACK (which gets ignored) and believes the 3-way handshake to be complete. Then it starts to send data, which never reaches a destination. The connection will time out after a while, but since the remote system believes it is dealing with a live (established) connection, it is conservative in timing it out and will instead retransmit, back off, retransmit again, and so on for quite a while.
Later versions of LaBrea also added functionality to reply to the incoming data with bogus packets that request that the sending site "slow down", again using raw IP packets and no sockets or other resources of the tarpit server. This keeps the connection established and wastes even more of the scanner's time.
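The stateless SYN/ACK reply described above can be written as a pure function of the incoming SYN, which is why the tarpit needs no socket and no memory of the connection. This is an added example, not LaBrea's code; the function names, the fixed initial sequence number, the window of 10 and the documentation-range addresses are assumptions made for illustration.

```python
import socket
import struct

SYN, ACK = 0x02, 0x10
TCP_HDR = struct.Struct("!HHIIBBHHH")  # 20-byte TCP header, no options


def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (one's-complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pseudo_header(src_ip: str, dst_ip: str, tcp_len: int) -> bytes:
    """IPv4 pseudo-header that the TCP checksum also covers."""
    addrs = socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
    return addrs + struct.pack("!BBH", 0, socket.IPPROTO_TCP, tcp_len)


def build_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, window):
    """Pack a bare TCP header with a valid checksum."""
    hdr = TCP_HDR.pack(sport, dport, seq, ack, 5 << 4, flags, window, 0, 0)
    csum = checksum(pseudo_header(src_ip, dst_ip, len(hdr)) + hdr)
    return TCP_HDR.pack(sport, dport, seq, ack, 5 << 4, flags, window, csum, 0)


def tarpit_reply(scanner_ip, unused_ip, segment, isn=0, window=10):
    """Return the SYN/ACK for a bare SYN, else None. Nothing is stored."""
    sport, dport, seq, _ack, _off, flags, *_ = TCP_HDR.unpack(segment[:20])
    if (flags & 0x3F) != SYN:  # the scanner's later ACK and data are ignored
        return None
    # Swap the endpoints and acknowledge seq + 1 (modulo 2**32).
    return build_segment(unused_ip, scanner_ip, dport, sport,
                         isn, (seq + 1) & 0xFFFFFFFF, SYN | ACK, window)


# Constructed sample: a scanner probes port 22 on an unused address.
SCANNER, UNUSED = "198.51.100.7", "192.0.2.50"
SAMPLE_SYN = build_segment(SCANNER, UNUSED, 40000, 22, 0xFFFFFFFF, 0, SYN, 64240)

if __name__ == "__main__":
    print(TCP_HDR.unpack(tarpit_reply(SCANNER, UNUSED, SAMPLE_SYN)))
```

Everything in the reply is derived from the SYN itself, so the responder can discard the packet immediately afterwards; the sample SYN uses sequence number 0xFFFFFFFF to show the acknowledgement number wrapping to 0.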