Download TrojanHunter Now
Free 30-day trial!
Latest TrojanHunter Version:
TrojanHunter 5.0
Order Now
License file delivered within minutes.
Welcome, Guest. Please Login or Register.
Nov 21st, 2008, 1:46pm
   Mischel Internet Security Forum
   Internet Security
   Firewalls (Moderators: Helena, Gavin_Coe, Magnus)
   The  Tarpit		 « Previous topic | Next topic »
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print
   Author  Topic: The  Tarpit  (Read 972 times)
mozar
Highly Honored Mass-Poster
*******





   


Posts: 1524
The  Tarpit
« on: Jan 27th, 2004, 1:51pm »		 Quote Quote  Modify Modify
 Hello  ,
 
  My  firewall  , 8Signs , has  an  interesting  new  feature  called  " tarpit "  explained  by  its creator  , James Grant , here :
 
 " ...  8Signs Firewall allow you to trap hackers, slow down the spread of worms and stall spammers by creating tarpits. A tarpit is a trap for troublesome outsiders. Your system accepts TCP connections but never replies and ignores disconnect requests. This can leave ports scanners and hackers stuck for hours, even days... "
 
  It  is  a  way  of  "  doing  something  "  against  guys  bothering  you  during  all  day  at the same port .  
  At  least  much  better  than reporting  something  to  abuse@  and never  receiving  any kind of feedback  - and  it's  also funny .  
 
  Regards  ,
 
    mozar
 
IP Logged
Walter
Veteran
*****





   


Gender: male
 Posts: 573
Re: The  Tarpit
« Reply #1 on: Jan 27th, 2004, 4:32pm »		 Quote Quote  Modify Modify
I really like this idea; it's original & clever.  Cool  
 
However, from a practical or technical perspective, I'm curious if this feature really functions as intended. Is there a way to test this to see if it really works?  
 
I would be interested in hearing some comments from some of the IT hotshots who inhabit this forum.
 
These comments are not intended to be negative, on the contrary, I'm intrigued.  
 
Too, perhaps this shows how little I still really understand of the technical aspects involved in computers, firewalls, the internet--and more!  Smiley
IP Logged
Strange as it may seem, no amount of learning can cure stupidity, and formal education positively fortifies it. S Vizinczey
mozar
Highly Honored Mass-Poster
*******





   


Posts: 1524
Re: The  Tarpit
« Reply #2 on: Jan 27th, 2004, 4:48pm »		 Quote Quote  Modify Modify
  Hello  ,  Walter
 
 
   What  I  can  say  is  that -  from  a  common  user's perspective  -  I  have  the  "tarpit  display "  showing  me info  about  my  ... "tarpiteds" : the  start time , last attempt , time spent , state (stuck)  etc .
 
  I'll try  to  contact  James   to  explain this feature better than I'm  able .
 
  Regards  ,
 
       mozar
 
IP Logged
Walter
Veteran
*****





   


Gender: male
 Posts: 573
Re: The  Tarpit
« Reply #3 on: Jan 27th, 2004, 5:10pm »		 Quote Quote  Modify Modify
Thanks mozar,
 
Actually that was one of the things I was wondering about: the information available to you, in the "tarpit display." Very intriguing.
 
I can imagine a possible reaction, from an aspiring hacker or spammer,  
Quote:
What!? Oh no, I think I've been tarpitted--again! Dang, I just hate it when that happens.

 
This would be great,
Quote:
. . . I'll try  to  contact  James   to  explain this feature better than I'm  able .  

I hope he can. I think he has made a post or two here, previously--yes?
IP Logged
Strange as it may seem, no amount of learning can cure stupidity, and formal education positively fortifies it. S Vizinczey
Walter
Veteran
*****





   


Gender: male
 Posts: 573
Re: The  Tarpit
« Reply #4 on: Jan 27th, 2004, 5:13pm »		 Quote Quote  Modify Modify
Hey, mozar--that reminds me.
 
Have you ever heard of the LaBrea (sp?) tarpits, in Los Angeles? It seems I've also heard of some other, similar, tarpits being found somewhere else (France, maybe?).
IP Logged
Strange as it may seem, no amount of learning can cure stupidity, and formal education positively fortifies it. S Vizinczey
8Signs
Newbie
*



I love YaBB 1G - SP1!

   
WWW  

Posts: 11
Re: The  Tarpit
« Reply #5 on: Jan 27th, 2004, 5:37pm »		 Quote Quote  Modify Modify
Hi All,
 
I can't take credit for the idea of tarpits. It is several years old now and has been added to Linux. The first app to really put them to use was called "LaBrea" but the author pulled it intentionally to protest an Illinois anti-hacker law was so far reaching as to threaten legitimitate, defensive activity:
 
http://www.hackbusters.net/#software
 
Now the scope of tarpitting in the 8Signs firewall isn't so broad as to violate the "Super DMCA", so that's not an issue.
 
The intent of the feature is to slow down hackers and worms. It's been said that if enough people used tarpits, worms would be obsolete. I think that's a stretch, but they would be slowed down, which can make a huge difference.
 
To test the feature in the wild, I use it on my home PC which is continually hit with probes and connection attempts. These are the ports I have tarpitted right now:
 
21, 23, 139, 445, 1080, 4899, 17300, 21660, 27374
 
Some of the higher ones were just thrown in as a test when I saw hits in the log. I had port 80 for quite a while, but dropped it.
 
Results vary. Different hacker tools get stuck for different periods of time.
 
James Grant
8Signs Ltd.
IP Logged
mozar
Highly Honored Mass-Poster
*******





   


Posts: 1524
Re: The  Tarpit
« Reply #6 on: Jan 27th, 2004, 8:57pm »		 Quote Quote  Modify Modify
   Hello  ,  Walter . Sorry  but  I came back just now .
 
  On  the other hand   it's  much  better  to  be  answered  by James , isn't it ?
 
  As  8Signs is an extremely easy  and  pleasant FW  to  use  I  was  always playing  with  its  rules editor  and  with  the " Ban List" and  "Port Scan Detection " features - and , now , also with the "Tarpit" .  
 
IP Logged
Jamming
Stole All the Forum Stars
********




Remember when a Trojan was just for protection.

   


Gender: male
 Posts: 2039
Re: The  Tarpit
« Reply #7 on: Jan 27th, 2004, 9:07pm »		 Quote Quote  Modify Modify
I just wanted James to know we have a Firewall Forum at ComputerCops.biz  Yes, there is a Zone Alarm Forum, but that doesn't precluded us from having an 8sign Forum as well, or his participation in the Firewall Discussions there either.  There is also a Secondary TrojanHunter Forum there at ComputerCops in case someone trys DDos Magnus here.
IP Logged
Team Z Member

Servare cives, major est virtus patriae patri.
- Lucius Annaeus Seneca
I was born an American; I live an American; I shall die an American!
- Daniel Webster
Ian
Stole All the Forum Stars
********



Good things come to those who wait ...

   


Posts: 2913
Re: The  Tarpit
« Reply #8 on: Jan 28th, 2004, 12:44am »		 Quote Quote  Modify Modify
This all sounds intruiging. Imaging - all those hapless click-through Trojan hosts out there trying to connect Kuang on 17300, suddenly having their network connection freeze. Maybe that would make people sit up and notice something odd was going on with their PC?
IP Logged
... but crap arrives pretty much straight away.
Walter
Veteran
*****





   


Gender: male
 Posts: 573
Re: The  Tarpit
« Reply #9 on: Jan 28th, 2004, 4:23am »		 Quote Quote  Modify Modify
Thanks James (aka "8Signs") for your post. We appreciate it; some interesting "tarpit" stuff there.
 
I hope you will take Jamming up on his offer. Sounds like you could have a chance at starting a forum at ComputerCops.biz, if I'm understanding correctly what Jamming wrote. I think you would definitely spark some interest if you did that. The times I've visited ComputerCops they always seem to have a lot of traffic (visitors & members).
 
I did visit the 8Signs website:
http://www.8signs.com/firewall/ and I noticed there is not a forum available, is that correct? You don't happen to already host a forum, at another website, perhaps?
 
Regards,
IP Logged
Strange as it may seem, no amount of learning can cure stupidity, and formal education positively fortifies it. S Vizinczey
Jamming
Stole All the Forum Stars
********




Remember when a Trojan was just for protection.

   


Gender: male
 Posts: 2039
Re: The  Tarpit
« Reply #10 on: Jan 28th, 2004, 10:20am »		 Quote Quote  Modify Modify
We would not be adverse to that, if he desired that. Cool
IP Logged
Team Z Member

Servare cives, major est virtus patriae patri.
- Lucius Annaeus Seneca
I was born an American; I live an American; I shall die an American!
- Daniel Webster
8Signs
Newbie
*



I love YaBB 1G - SP1!

   
WWW  

Posts: 11
Re: The  Tarpit
« Reply #11 on: Jan 29th, 2004, 12:04am »		 Quote Quote  Modify Modify
on Jan 28th, 2004, 4:23am, Walter wrote:

I did visit the 8Signs website:
http://www.8signs.com/firewall/ and I noticed there is not a forum available, is that correct? You don't happen to already host a forum, at another website, perhaps?

 
We have a mailing list.
My business partner Linda chose that because it worked well in ConSeal days.
 
I appreciate the offer of a forum at ComputerCops, but I find it hard to follow too many. I currently reside at Deerfield.com's forum for VisNetic Firewall (same product under their brand name) and the 8Signs mailing list. I can always be reached by email:
 
james
at
8signs
dot
com
 
James Grant
IP Logged
Jamming
Stole All the Forum Stars
********




Remember when a Trojan was just for protection.

   


Gender: male
 Posts: 2039
Re: The  Tarpit
« Reply #12 on: Jan 29th, 2004, 2:06am »		 Quote Quote  Modify Modify
No Problem , James. Cheesy
IP Logged
Team Z Member

Servare cives, major est virtus patriae patri.
- Lucius Annaeus Seneca
I was born an American; I live an American; I shall die an American!
- Daniel Webster
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print

« Previous topic | Next topic »
Search
Members
Login
Register