Tarpit (networking) - The Original Tarpit Idea

The Original Tarpit Idea

Tom Liston developed the original tarpitting program LaBrea. It can protect an entire network with a tarpit run on a single machine.

The machine listens for ARP requests that go unanswered (indicating unused addresses) and replies to them itself. When the scanner's initial SYN packet then arrives, it sends a SYN/ACK in response. It does not open a socket or prepare a connection; in fact, it can forget all about the connection after sending the SYN/ACK. The remote site, however, sends its ACK (which is ignored) and believes the three-way handshake to be complete. It then starts to send data, which never reaches a destination. The connection will eventually time out, but because the remote system believes it is dealing with a live (established) connection, it is conservative about timing it out and will instead retransmit, back off, retransmit again, and so on for quite a while.
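The stateless SYN/ACK reply described above can be sketched as follows. This is an added example, not LaBrea's code: the function names, the `isn` and `window` defaults and the sample addresses are assumptions chosen for illustration, and only the TCP segment is built (the IP header and raw-socket send are left out).

```python
import socket
import struct

SYN, ACK = 0x02, 0x10
TCP_HDR = "!HHIIHHHH"  # sport, dport, seq, ack, offset+flags, window, checksum, urgent

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: 16-bit one's-complement sum, inverted."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def pseudo_header(src_ip: str, dst_ip: str, tcp_len: int) -> bytes:
    """IPv4 pseudo-header that is covered by the TCP checksum."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, socket.IPPROTO_TCP, tcp_len))

def synack_for(scanner_ip, unused_ip, segment, isn=0x1000, window=5):
    """Return the SYN/ACK segment answering a bare SYN, else None.

    Everything needed comes from the incoming segment itself, so nothing
    is stored: no socket, no connection table entry. The isn and window
    defaults are arbitrary illustrative values (assumptions).
    """
    if len(segment) < 20:
        return None
    sport, dport, seq, _, off_flags, _, _, _ = struct.unpack(TCP_HDR, segment[:20])
    if off_flags & 0x3F != SYN:          # ignore ACKs, data, RSTs, ...
        return None
    hdr = struct.pack(TCP_HDR, dport, sport, isn, (seq + 1) & 0xFFFFFFFF,
                      (5 << 12) | SYN | ACK, window, 0, 0)
    csum = checksum(pseudo_header(unused_ip, scanner_ip, len(hdr)) + hdr)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:]

# Constructed sample: a SYN from port 40000 to port 22 whose sequence
# number sits at the 32-bit wrap-around boundary.
SAMPLE_SYN = struct.pack(TCP_HDR, 40000, 22, 0xFFFFFFFF, 0,
                         (5 << 12) | SYN, 64240, 0, 0)

if __name__ == "__main__":
    # Documentation-range addresses, used here as placeholders.
    print(synack_for("198.51.100.7", "192.0.2.50", SAMPLE_SYN).hex())
```

The scanner's later ACK and data segments fall through the bare-SYN check and return `None`, which corresponds to the tarpit ignoring them.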

Later versions of LaBrea also added functionality to reply to the incoming data with bogus packets that request that the sending site "slow down", again using raw IP packets and no sockets or other resources of the tarpit server. This keeps the connection established and wastes even more of the scanner's time.
