The Original Tarpit Idea
Tom Liston developed the original tarpitting program LaBrea. It can protect an entire network with a tarpit run on a single machine.
The machine listens for ARP requests that go unanswered (indicating unused addresses), then replies to those requests, receives the initial SYN packet of the scanner and sends a SYN/ACK in response. It does not open a socket or prepare a connection; in fact, it can forget all about the connection after sending the SYN/ACK. However, the remote site sends its ACK (which gets ignored) and believes the 3-way handshake to be complete. Then it starts to send data, which never reaches a destination. The connection will time out after a while, but since the system believes it is dealing with a live (established) connection, it is conservative in timing it out and will instead try to retransmit, back off, retransmit, etc. for quite a while.
Later versions of LaBrea also added functionality to reply to the incoming data, again using raw IP packets and no sockets or other resources of the tarpit server, with bogus packets that request that the sending site "slow down". This keeps the connection established and wastes even more of the scanner's time.
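The stateless SYN/ACK reply described above, sketched as an added example (not LaBrea's code and not part of the original page): every field of the reply is computed from the incoming SYN alone, so no socket or connection table is needed. The function names, the hash-derived sequence number, the window value and the sample addresses are assumptions; the code only builds the TCP header bytes and sends nothing.

```python
import hashlib
import socket
import struct

# sport, dport, seq, ack, data offset, flags, window, checksum, urgent pointer
TCP_HDR = struct.Struct("!HHIIBBHHH")
SYN, ACK = 0x02, 0x10

def checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def pseudo_header(src_ip: str, dst_ip: str, tcp_len: int) -> bytes:
    """IPv4 pseudo-header that the TCP checksum also covers."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, socket.IPPROTO_TCP, tcp_len))

def tarpit_synack(syn: bytes, scanner_ip: str, unused_ip: str, window: int = 5):
    """Build the SYN/ACK for a bare SYN, or return None. Nothing is stored."""
    if len(syn) < TCP_HDR.size:
        return None
    sport, dport, seq, _, _, flags, _, _, _ = TCP_HDR.unpack_from(syn)
    if (flags & 0x3F) != SYN:  # answer only a bare SYN, never ACK/RST/FIN
        return None
    # Assumption: derive our sequence number from the 4-tuple, so no table is kept.
    tup = f"{scanner_ip}:{sport}>{unused_ip}:{dport}".encode()
    isn = int.from_bytes(hashlib.sha256(tup).digest()[:4], "big")
    hdr = TCP_HDR.pack(dport, sport, isn, (seq + 1) & 0xFFFFFFFF,
                       5 << 4, SYN | ACK, window, 0, 0)
    csum = checksum(pseudo_header(unused_ip, scanner_ip, len(hdr)) + hdr)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:]

# Constructed sample: SYN from port 40000 to port 22, sequence number 1000.
SAMPLE_SYN = TCP_HDR.pack(40000, 22, 1000, 0, 5 << 4, SYN, 64240, 0, 0)

if __name__ == "__main__":
    reply = tarpit_synack(SAMPLE_SYN, "198.51.100.7", "192.0.2.50")
    print(TCP_HDR.unpack(reply))
```

The scanner's later ACK and data segments fall through the bare-SYN check and return `None`, which corresponds to the original behaviour of ignoring everything after the SYN/ACK.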