Standalone Sticky Tarpit Needed

How can i get a tarpit that will work with my firewall i already have? i want to be able to input ranges of ports to tarpit.

 

8Signs Firewall has the tarpit feature incorporated within its firewall. Its very effective to say the least. You may want to trial it to see how you like it.
http://www.8signs.com

 

LOL i have 8 signs, and its not compatible with Sunbelt Kerio . . thats why i need a stand alone one. 8signs can not do what i need and it stops my kerio from working = No net connection.

 

http://www.honeypots.net/honeypots/products

 

THing, is that i need a tarpit that will keep the sockets connected and make them loose their steam and force them to reboot before they can scan me again. I have done this with 8signs but i cant use that firewall in my situation.

 

Basically . . . heres the concept:

A personal firewall makes all closed ports STEALTH . . . well i want all my closed ports to appear OPEN and be Tarpitted so that all connections get stuck. (tarpitted ports dont use any system resources either . . .) all the ports that show as STEALTH would instead be OPEN TARPIT... Thus slowing down scans and hackers instead of just making them slip by you.

 

Sorry if this seems dense on my part...

Since you already have 8-signs and have gotten it working with your tarpits, why don't you use it? Just disable incoming filtering for Kerio and NDIS, then no double packet filtering will occur, and Kerio will be reduced do an application control only firewall.

Cheers,

Alphalutra1

 

I tried and kerio does not want to work. . . also i want ALL closed ports tarpitted which 8signs can not do withought blocking all incoming (solicited or non-solicited) I need a firewall that will tarpit all closed ports. and frankly i dont see that one exists, unless someone knows something that i can rig up like that . .

 

Did you read the link I posted?

By going to the link I provided you can easilly find several Windows HoneyPots. One that looks like it would suite you is:

http://www.atomicsoftwaresolutions.com/honeybot.php

 

If you have money:

http://www.keyfocus.net/kfsensor/screenshots/ looks very nice

and

http://www.specter.com/default50.htm can simulate Operating Systems, but doesn't support as many ports as kfsensor (listed above)

 

Just a small FYI, having your ports stealthed will slow down scans greatly since the scanner has to wait a few seconds for a response on each port (rather than getting a "port closed" message back in a split-second which would be the case with a closed port).

Also anyone considering tarpitting needs to take care that they do not include ports being used by applications they run (e.g. file-sharing networks). It probably would be better to limit tarpitting to specific ports only (e.g. port 25 SMTP to catch spammers looking for open mail relays) just to avoid any collateral effects.

 

Nice points, but I must say that I very much enjoy viewing all the attempts on my fake servers

KFSensor Pro. although very expensive is incredibly configurable and detailed; I'm impressed with it.

 

Yes it is good,..I used this at home for a short time, and enjoyed watching all the attempts from my ISP to gain entry.

 

Right now I have 3,960 people stuck according to KFSensor...