Re: Honeypots

["Michael" <michael () insulin-pumpers org>]

SpamCannibal blocks spam at the origination server and can be
configured to block DoS attacks.

SpamCannibal uses a continually updated database containing the IP
addresses of spam or DoS servers and blocks their ability to connect
using a TCP/IP tarpit, ideally bringing the spam server to a virtual
halt for a long time or perhaps indefinitely. This effectively
eliminates the network traffic to your site because the spam never
leaves the origination server. Widely deployed, SpamCannibal can help
eliminate spam from the internet.

The operative piece of this gadget is

IPTables::IPv4::DBTarpit

a module based on Linux IPTABLES that uses the BerkeleyDB database to 
store IP addresses and other selected information about spammers.

Full documentation for SpamCannibal and all the modules is on the 
SpamCannibal home page and everything is downloadable from CPAN. 
Prerequisites on the DOWNLOAD page of

    http://www.spamcannibal.org   

docs are on the Documentation page.

Mail::SpamCannibal    CPAN
IPTables::IPv4::DBTarpit   CPAN

I'd be happy to answer any questions. Have two systems that have been 
running since Aug '03. 

Also running Tom Liston's labea + LaBrea::Tarpit reporting modules
at
scans.bizsystems.net
and
probes.bizsystems.net

Michael
Michael () Insulin-Pumpers org