Standalone Sticky Tarpit Needed

Discussion in 'other firewalls' started by TECHWG, Apr 26, 2006.

Thread Status:
Not open for further replies.
  1. TECHWG

    TECHWG Guest

    How can i get a tarpit that will work with my firewall i already have? i want to be able to input ranges of ports to tarpit.
     
  2. Antus

    Antus Registered Member

    Joined:
    Apr 8, 2006
    Posts:
    76
    8Signs Firewall has the tarpit feature incorporated within its firewall. Its very effective to say the least. You may want to trial it to see how you like it.
    http://www.8signs.com
     
  3. TECHWG

    TECHWG Guest

    LOL i have 8 signs, and its not compatible with Sunbelt Kerio . . thats why i need a stand alone one. 8signs can not do what i need and it stops my kerio from working = No net connection.
     
  4. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
  5. TECHWG

    TECHWG Guest

    THing, is that i need a tarpit that will keep the sockets connected and make them loose their steam and force them to reboot before they can scan me again. I have done this with 8signs but i cant use that firewall in my situation.
     
  6. TECHWG

    TECHWG Guest

    Basically . . . heres the concept:

    A personal firewall makes all closed ports STEALTH . . . well i want all my closed ports to appear OPEN and be Tarpitted so that all connections get stuck. (tarpitted ports dont use any system resources either . . .) all the ports that show as STEALTH would instead be OPEN TARPIT... Thus slowing down scans and hackers instead of just making them slip by you.
     
  7. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Sorry if this seems dense on my part...

    Since you already have 8-signs and have gotten it working with your tarpits, why don't you use it? Just disable incoming filtering for Kerio and NDIS, then no double packet filtering will occur, and Kerio will be reduced do an application control only firewall.

    Cheers,

    Alphalutra1
     
  8. TECHWG

    TECHWG Guest

    I tried and kerio does not want to work. . . also i want ALL closed ports tarpitted which 8signs can not do withought blocking all incoming (solicited or non-solicited) I need a firewall that will tarpit all closed ports. and frankly i dont see that one exists, unless someone knows something that i can rig up like that . .
     
  9. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
  10. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
  11. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Just a small FYI, having your ports stealthed will slow down scans greatly since the scanner has to wait a few seconds for a response on each port (rather than getting a "port closed" message back in a split-second which would be the case with a closed port).

    Also anyone considering tarpitting needs to take care that they do not include ports being used by applications they run (e.g. file-sharing networks). It probably would be better to limit tarpitting to specific ports only (e.g. port 25 SMTP to catch spammers looking for open mail relays) just to avoid any collateral effects.
     
  12. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    Nice points, but I must say that I very much enjoy viewing all the attempts on my fake servers :D

    KFSensor Pro. although very expensive is incredibly configurable and detailed; I'm impressed with it.
     
  13. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Yes it is good,..I used this at home for a short time, and enjoyed watching all the attempts from my ISP to gain entry.
     
  14. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    Right now I have 3,960 people stuck according to KFSensor...
     
Loading...
Thread Status:
Not open for further replies.