tarpit, anybody?

Calomel nginxdeletethis at calomel.org
Fri Aug 1 17:18:29 MSD 2008


I am not sure if Nginx is the right place for a tarpit. Tarpitting on
the firewall may be a better solution so nginx can just handle web

Iptables allows you to tarpit connections easily, but you will have to
manage a table of clients you want to slow down. The following rule
will tarpit all connections to port 80.

iptables -A INPUT -p tcp -m tcp --dport 80 -j TARPIT

PF (openbsd) does not yet have a tarpit ability for standard tcp
connections. Spamd will only work to tarpit mail servers.

There are also third party apps like LeBrea or HoneyPot that will do
what you want.

  Calomel @ https://calomel.org
  Open Source Research and Reference

On Fri, Aug 01, 2008 at 09:59:12AM +0800, Jeffrey 'jf' Lim wrote:
>   hi guys, I was just wondering about the feasibility of doing up a tarpit
>   in nginx (either in nginx source itself, or as a module). Has anybody
>   looked into this area, is looking into this area, or is interested in
>   looking into this area? Would this be feasible to implement inside of
>   nginx - or should it best be left to an external process outside of nginx?
>   -jf
>   --
>   In the meantime, here is your PSA:
>   "It's so hard to write a graphics driver that open-sourcing it would not
>   help."
>   -- Andrew Fear, Software Product Manager, NVIDIA Corporation
>   [1]http://kerneltrap.org/node/7228
>   Visible links
>   1. http://kerneltrap.org/node/7228

More information about the nginx mailing list