Right way to gum up CodeRed (I think)

["M. David Leonard" <mdl () equinox shaysnet com>]

Guys-

        There is a neat 'tarpit' package called LaBrea.  It runs off a
single boot floppy (Trinux, I believe), supports vifs, and is verrrry
sticky on incoming TCP/IP connections.  Install it on an old clunker
machine you've got lying around collecting dust.  Give it some unassigned
(and unadvertised) IP addresses in your block and let it cling for up to
24 minutes on each connection attempt.  Slows CodeRed right down, with a
minimum of bandwidth wasted.  IMHO it sounds much better than 50MB
'default.ida' files.  Plus, it does the same to script kiddies trying to 
run a port scan.


                                        David Leonard
                                        ShaysNet