You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by "John D. Hardin" <jh...@impsec.org> on 2006/12/13 01:25:54 UTC
Tarpits are fun!
{snicker!}
Dec 12 09:48:03 ga : Initial Connect - tarpitting: 124.240.124.222 60241 -> x.x.x.x 25
Dec 12 09:44:20 ga : Initial Connect - tarpitting: 124.240.124.222 53486 -> x.x.x.x 25 *
Dec 12 12:16:30 ga : Initial Connect - tarpitting: 124.240.124.222 14526 -> x.x.x.x 25 *
...
Dec 12 16:08:06 ga : Persist Activity: 124.240.124.222 53486 -> x.x.x.x 25
Dec 12 16:09:04 ga : Persist Activity: 124.240.124.222 60241 -> x.x.x.x 25 *
Dec 12 16:11:19 ga : Persist Activity: 124.240.124.222 14526 -> x.x.x.x 25
Dec 12 16:12:07 ga : Persist Activity: 124.240.124.222 53486 -> x.x.x.x 25 *
Dec 12 16:13:05 ga : Persist Activity: 124.240.124.222 60241 -> x.x.x.x 25
Dec 12 16:16:08 ga : Persist Activity: 124.240.124.222 53486 -> x.x.x.x 25 *
Dec 12 16:17:05 ga : Persist Activity: 124.240.124.222 60241 -> x.x.x.x 25
Dec 12 16:19:20 ga : Persist Activity: 124.240.124.222 14526 -> x.x.x.x 25 *
Three spambot threads stuck for *hours*!
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
The question of whether people should be allowed to harm themselves
is simple. They *must*. -- Charles Murray
-----------------------------------------------------------------------
3 days until Bill of Rights day
Re: Tarpits are fun!
Posted by Ray Anderson <rs...@rb-com.com>.
Nicely done!
John D. Hardin wrote:
> {snicker!}
>
> Dec 12 09:48:03 ga : Initial Connect - tarpitting: 124.240.124.222 60241 -> x.x.x.x 25
> Dec 12 09:44:20 ga : Initial Connect - tarpitting: 124.240.124.222 53486 -> x.x.x.x 25 *
> Dec 12 12:16:30 ga : Initial Connect - tarpitting: 124.240.124.222 14526 -> x.x.x.x 25 *
> ...
> Dec 12 16:08:06 ga : Persist Activity: 124.240.124.222 53486 -> x.x.x.x 25
> Dec 12 16:09:04 ga : Persist Activity: 124.240.124.222 60241 -> x.x.x.x 25 *
> Dec 12 16:11:19 ga : Persist Activity: 124.240.124.222 14526 -> x.x.x.x 25
> Dec 12 16:12:07 ga : Persist Activity: 124.240.124.222 53486 -> x.x.x.x 25 *
> Dec 12 16:13:05 ga : Persist Activity: 124.240.124.222 60241 -> x.x.x.x 25
> Dec 12 16:16:08 ga : Persist Activity: 124.240.124.222 53486 -> x.x.x.x 25 *
> Dec 12 16:17:05 ga : Persist Activity: 124.240.124.222 60241 -> x.x.x.x 25
> Dec 12 16:19:20 ga : Persist Activity: 124.240.124.222 14526 -> x.x.x.x 25 *
>
> Three spambot threads stuck for *hours*!
>
> --
> John Hardin KA7OHZ http://www.impsec.org/~jhardin/
> jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
> key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
> -----------------------------------------------------------------------
> The question of whether people should be allowed to harm themselves
> is simple. They *must*. -- Charles Murray
> -----------------------------------------------------------------------
> 3 days until Bill of Rights day
>
>
>
RE: Tarpits are fun!
Posted by "John D. Hardin" <jh...@impsec.org>.
On Tue, 12 Dec 2006, John D. Hardin wrote:
> http://www.impsec.org/~jhardin/antispam/spammer-firewall
>
> plus labrea with patches I worked up this weekend:
>
> http://sourceforge.net/projects/labrea
>
> http://sourceforge.net/tracker/index.php?func=detail&aid=1612818&group_id=70896&atid=529395
>
> I still need to figure out why labrea is only accepting a
> 1000-character-ish BPF filter when the buffer is 65K in size.
Okay, that's fixed too.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
It is not the business of government to make men virtuous or
religious, or to preserve the fool from the consequences of his own
folly. -- Henry George
-----------------------------------------------------------------------
Tomorrow: Bill of Rights day
RE: Tarpits are fun!
Posted by "John D. Hardin" <jh...@impsec.org>.
On Tue, 12 Dec 2006, R Lists06 wrote:
> > Three spambot threads stuck for *hours*!
>
> How are you implementing this?
http://www.impsec.org/~jhardin/antispam/spammer-firewall
plus labrea with patches I worked up this weekend:
http://sourceforge.net/projects/labrea
http://sourceforge.net/tracker/index.php?func=detail&aid=1612818&group_id=70896&atid=529395
It should be pretty trivial for the spambot makers to modify their
code to disconnect immediately from servers with "tarpit" or
"teergrube" in the greeting banner, so you'll probably want to
customize the banner labrea uses if you decide to do this.
'couse, if they do that then we can all put something like "no tarpit"
in our MTA greeting banners to make the spambots go away... :)
I still need to figure out why labrea is only accepting a
1000-character-ish BPF filter when the buffer is 65K in size.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
The fetters imposed on liberty at home have ever been forged out
of the weapons provided for defense against real, pretended, or
imaginary dangers from abroad. -- James Madison, 1799
-----------------------------------------------------------------------
3 days until Bill of Rights day
RE: Tarpits are fun!
Posted by R Lists06 <li...@abbacomm.net>.
> Dec 12 12:16:30 ga : Initial Connect - tarpitting: 124.240.124.222 14526 -
> > x.x.x.x 25 *
snip
> Dec 12 16:19:20 ga : Persist Activity: 124.240.124.222 14526 -> x.x.x.x 25
> *
>
> Three spambot threads stuck for *hours*!
>
> --
> John Hardin KA7OHZ http://www.impsec.org/~jhardin/
How are you implementing this?
- rh
--
Robert - Abba Communications
Computer & Internet Services
(509) 624-7159 - www.abbacomm.net