Posted to users@spamassassin.apache.org by Pedro David Marco <pe...@yahoo.com> on 2019/03/11 09:03:18 UTC

Semioff-topic: DoS mitigation technique mentioned in SA-list

Hi all,

Not a long time ago someone in the list mentioned an interesting anti-DoS mitigation technique consisting in "playing" with attackers' TCP window sizes... (as far as I remember)... but I cannot find the post with the name of the technique :-(

Please, if someone remembers the name of the technique, tell me off-list..

Thanks a lot in advance...

-------
PedroD.

Re: Semioff-topic: DoS mitigation technique mentioned in SA-list

Posted by John Hardin <jh...@impsec.org>.
On Mon, 11 Mar 2019, Pedro David Marco wrote:

> Not a long time ago someone in the list mentioned an interesting anti-DoS
> mitigation technique consisting in "playing" with attackers' TCP window
> sizes... (as far as I remember)... but I cannot find the post with the
> name of the technique :-( Please, if someone remembers the name of the
> technique, tell me off-list..

It's not so much an anti-DoS technique as a way to waste the attacker's 
resources with minimum investment of *your* resources - for example, if 
you have a spammer from a predictable IP who is persistent even in the 
face of 100% SMTP rejects of anything from that IP.

The term is "TCP Tarpit".


-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   Maxim XI: Everything is air-droppable at least once.
-----------------------------------------------------------------------
  2 days until Albert Einstein's 140th Birthday

Re: Semioff-topic: DoS mitigation technique mentioned in SA-list

Posted by Rupert Gallagher <ru...@protonmail.com>.
Tarpitting?

On Mon, Mar 11, 2019 at 10:03, Pedro David Marco <pe...@yahoo.com> wrote:

> Hi all,
>
> Not a long time ago someone in the list mentioned an interesting anti-DoS mitigation technique consisting in "playing" with attackers' TCP window sizes... (as far as I remember)... but I cannot find the post with the name of the technique :-(
>
> Please, if someone remembers the name of the technique, tell me off-list..
>
> Thanks a lot in advance...
>
> -------
> PedroD.