Posted to users@spamassassin.apache.org by Pedro David Marco <pe...@yahoo.com> on 2019/03/11 09:03:18 UTC
Semioff-topic: DoS mitigation technique mentioned in SA-list
Hi all,
Not a long time ago someone in the list mentioned an interesting anti-DoS mitigation technique consisting in "playing" with attackers' TCP window sizes... (as far as I remember)... but I cannot find the post with the name of the technique :-(
Please, if someone remembers the name of the technique, tell me off-list..
Thanks a lot in advance...
-------
PedroD.
Re: Semioff-topic: DoS mitigation technique mentioned in SA-list
Posted by John Hardin <jh...@impsec.org>.
On Mon, 11 Mar 2019, Pedro David Marco wrote:
> Not a long time ago someone in the list mentioned an interesting anti-DoS
> mitigation technique consisting in "playing" with attackers' TCP window
> sizes... (as far as I remember)... but I cannot find the post with the
> name of the technique :-( Please, if someone remembers the name of the
> technique, tell me off-list..
It's not so much an anti-DoS technique as a way to waste the attacker's
resources with minimum investment of *your* resources - for example, if
you have a spammer from a predictable IP who is persistent even in the
face of 100% SMTP rejects of anything from that IP.
The term is "TCP Tarpit".
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Maxim XI: Everything is air-droppable at least once.
-----------------------------------------------------------------------
2 days until Albert Einstein's 140th Birthday
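The effect described in the reply above, as an added example that is not part of the original thread: a listener with a tiny receive buffer that accepts a connection and never reads, so the sender stalls after a few kilobytes while the holding side spends one idle socket. This is a user-space approximation on loopback, not a packet-filter tarpit; the function names and buffer sizes are assumptions chosen for the demonstration.

```python
import socket

LIMIT = 64 * 1024 * 1024  # safety cap so the sender loop always terminates

def make_tarpit_listener(host="127.0.0.1", port=0, rcvbuf=1024):
    """Listener whose connections advertise only a tiny TCP receive window."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    # Set before listen(): accepted sockets inherit the small buffer, and the
    # kernel does not advertise a window larger than the free buffer space.
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, rcvbuf)
    srv.bind((host, port))
    srv.listen(16)
    return srv

def bytes_until_stalled(addr, chunk=4096):
    """Play the remote sender: push data until its kernel refuses more."""
    cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    cli.setsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF, 4096)
    cli.connect(addr)
    cli.setblocking(False)
    sent = 0
    try:
        while sent < LIMIT:
            sent += cli.send(b"x" * chunk)
    except BlockingIOError:
        pass  # send buffer full: the peer's window is closed
    return cli, sent

def demo():
    """Return how many bytes the sender got out before it stalled."""
    srv = make_tarpit_listener()
    cli, sent = bytes_until_stalled(srv.getsockname())
    held, _ = srv.accept()  # the tarpit holds the connection...
    # ...and never calls recv(), so the window stays shut and the sender
    # is left probing a zero window while we spend one idle socket.
    for s in (cli, held, srv):
        s.close()
    return sent

if __name__ == "__main__":
    print("sender stalled after", demo(), "bytes")
```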
Re: Semioff-topic: DoS mitigation technique mentioned in SA-list
Posted by Rupert Gallagher <ru...@protonmail.com>.
Tarpitting?
On Mon, Mar 11, 2019 at 10:03, Pedro David Marco <pe...@yahoo.com> wrote:
> Hi all,
>
> Not a long time ago someone in the list mentioned an interesting anti-DoS mitigation technique consisting in "playing" with attackers' TCP window sizes... (as far as I remember)... but I cannot find the post with the name of the technique :-(
>
> Please, if someone remembers the name of the technique, tell me off-list..
>
> Thanks a lot in advance...
>
> -------
> PedroD.