[Labrea-users] Redirecting locally to the tarpit
From: Mike B. <bro...@ho...> - 2004-07-26 02:24:30
I must be missing something, but everything I've tried seems to indicate that this is not possible: redirecting traffic to a tarpit running on the same machine.

Say I have a machine running at 10.10.10.1 with normal mail and web services. I also have Labrea running on the SAME machine, capturing 10.10.10.2 through 10.10.10.10. Someone with the IP address 192.168.50.50 starts attacking my website at 10.10.10.1. I would like to have a script detect the attack and issue the iptables command to redirect this address to the tarpit addresses. Ideally I would have access to the upstream router to do this redirect before it even hits the web/tarpit box, but I don't.

I assumed I could simply do this by NATing the destination address from 10.10.10.1 to 10.10.10.2, but it doesn't seem to work. Would this iptables entry go in the INPUT chain or the FORWARD chain? Is it even possible?

    /sbin/iptables -t nat -I PREROUTING -s 192.168.50.50 -p tcp -j DNAT --to-destination 10.10.10.2
    /sbin/iptables -I INPUT -s 192.168.50.50 -p tcp -j ACCEPT

Yes, I know the new version of iptables has a -j TARPIT option, but I don't have that kernel built.

Thanks.

Mike