Re: Tar pits with honeyd 1.0

[Niels Provos <provos () citi umich edu>]

Tarpit allows data transmission but only very slowly.

Niels.

On Mon, Feb 07, 2005 at 11:03:34AM -0500, Francois Meehan wrote:
> Hi all,
>
> What is supposed to be the behaviour of tarpit function?
>
> We created the following:
>
> create sticky
> set sticky personality "Microsoft Windows 2000 SP1"
> set sticky default tcp action tarpit open
> set sticky default udp action block
>
> bind 172.31.1.20 sticky
>
> Now when telnet that machine on port 25 I get:
>
> Connected to 172.31.1.20.
> Escape character is '^]'.
>
> I can type characters, it is not frozen per say. I thought
> the "data entry" would be stuck and receive 0 windows lenght packet from
> honeyd. Is this the right behaviour?
>
> Regards,
>
>
> Francois
>
>
> Random Thought:
> ---------------
> Using a metaphor in front of men as unimaginative as Ridcully was like a red rag in front of a bu -- was like putting 
> something very annoyting in front of someone who was annoyed by it.
> (Lords and Ladies)