The Original Tarpit Idea
Tom Liston developed the original tarpitting program LaBrea. It can protect an entire network with a tarpit run on a single machine.
The machine listens for ARP requests that go unanswered (indicating unused addresses), then replies to those requests, receives the initial SYN packet of the scanner and sends a SYN/ACK in response. It does not open a socket or prepare a connection, in fact it can forget all about the connection after sending the SYN/ACK. However, the remote site sends its ACK (which gets ignored) and believes the 3-way-handshake to be complete. Then it starts to send data, which never reaches a destination. The connection will time out after a while, but since the system believes it is dealing with a live (established) connection, it is conservative in timing it out and will instead try to retransmit, back-off, retransmit, etc. for quite a while.
Later versions of LaBrea also added functionality to reply to the incoming data, again using raw IP packets and no sockets or other resources of the tarpit server, with bogus packets that request that the sending site "slow down". This will keep the connection established and waste even more time of the scanner.
Read more about this topic: Tarpit (networking)
Famous quotes containing the words original and/or idea:
“The Spacious Firmament on high,
With all the blue Ethereal Sky,
And spangled Heav’ns, a Shining Frame,
Their great Original proclaim:
Th’ unwearied Sun, from day to day,
Does his Creator’s Pow’r display,
And publishes to every Land
The Work of an Almighty Hand.”
—Joseph Addison (1672–1719)
“It requires a surgical operation to get a joke well into a Scotch understanding. The only idea of wit, or rather that inferior variety of the electric talent which prevails occasionally in the North, and which, under the name of “Wut,” is so infinitely distressing to people of good taste, is laughing immoderately at stated intervals.”
—Sydney Smith (1771–1845)