tarpit, anybody?
Calomel
nginxdeletethis at calomel.org
Fri Aug 1 17:18:29 MSD 2008
Jeffery,
I am not sure if Nginx is the right place for a tarpit. Tarpitting on
the firewall may be a better solution so nginx can just handle web
traffic.
Iptables allows you to tarpit connections easily, but you will have to
manage a table of clients you want to slow down. The following rule
will tarpit all connections to port 80.
iptables -A INPUT -p tcp -m tcp --dport 80 -j TARPIT
PF (openbsd) does not yet have a tarpit ability for standard tcp
connections. Spamd will only work to tarpit mail servers.
There are also third party apps like LeBrea or HoneyPot that will do
what you want.
--
Calomel @ https://calomel.org
Open Source Research and Reference
On Fri, Aug 01, 2008 at 09:59:12AM +0800, Jeffrey 'jf' Lim wrote:
> hi guys, I was just wondering about the feasibility of doing up a tarpit
> in nginx (either in nginx source itself, or as a module). Has anybody
> looked into this area, is looking into this area, or is interested in
> looking into this area? Would this be feasible to implement inside of
> nginx - or should it best be left to an external process outside of nginx?
>
> -jf
>
> --
> In the meantime, here is your PSA:
> "It's so hard to write a graphics driver that open-sourcing it would not
> help."
> -- Andrew Fear, Software Product Manager, NVIDIA Corporation
> [1]http://kerneltrap.org/node/7228
>
>References
>
> Visible links
> 1. http://kerneltrap.org/node/7228
More information about the nginx
mailing list