HTTP DDoS Attack Mitigation Using Tarpitting

Recently, the anti-spam organization Spamhaus has come under yet another distributed denial-of-service attack. With some help from our good friends at myNetWatchman we were able to obtain a sample of the malware used in the attack. This one is particularly nasty, starting up 1500 threads to send randomized HTTP requests to Spamhaus’ webserver in a […]

Using tarpit with iptables on Ubuntu Server 10.04

When you have a Linux machine that you want to protect, the first thing you do is set up firewall rules. You allow only what you want and "drop" the rest, that is, you do not respond to the other connections, so as not to waste too much bandwidth and resources. And for this […]

Debian TARPIT iptables How To

After recently upgrading some of my servers to Debian Wheezy, I noticed the xtables-addons-dkms package is now available. This means you no longer have to build the iptables modules from source to get tarpit support (and more). If you are not sure what the tarpit target is or why you would want to use it, a […]

Slow Down Internet Worms With Tarpits

Worms, worms are everywhere! The recent and prolific spread of Internet worms has yet again demonstrated the vulnerability of network hosts, and it’s clear that new approaches to worm containment need to be investigated. In this article, we’ll discuss a new twist on an under-utilized technology: the tarpit. The Worms In a nutshell, worm technology […]
