Mailinglist Archive: opensuse (5130 mails)

< Previous Next >
Re: [SLE] Intrusion attempts and hosts.deny/hosts.allow
  • From: Darryl Gregorash <raven@xxxxxxxxxxxxx>
  • Date: Fri, 19 May 2006 07:13:09 -0600
  • Message-id: <446DC465.5010007@xxxxxxxxxxxxx>
On 19/05/06 01:52, Leendert Meyer wrote:
> <snip>
>[...]
>
>Here's another option:
>
>You could also use the TARPIT extension from patch-o-matic. See
>http://www.netfilter.org/patch-o-matic/pom-extra.html, 4th item. This
>requires recompiling the kernel.
>
>iptables already knows about TARPIT (man iptables), all it needs is the TARPIT
>kernel module.
>
>
I couldn't find "TARPIT" in man iptables.

It's probably not something you'd want to use with SuSEfirewall anyway,
because that requires the conntrack module, whereas netfilter.org
suggests that using both at the same time is probably a massive waste of
resources. Other than that little hiccup, it looks like a rather elegant
solution to this sort of problem.

< Previous Next >
Follow Ups