Re: [Labrea-users] Newbie. Tarpiting based on dst port. (53)
Status: Abandoned
Brought to you by:
lorgor
Menu
▾
▴
Re: [Labrea-users] Newbie. Tarpiting based on dst port. (53)
|
From: Don M. <dmu...@od...> - 2005-11-02 12:58:54
|
What you are describing isn't easily possible, unless you mod the code to
do so.
LB listens and takes action based on the amount of activity it sees /
hears.
There isn't a way to "inject" commands into LB. You could look at a
commercial offering,
CounterPoint, from Mirage Networks, which has support for what you are
describing.
don m / university security guy
"Sylvan Andrew"
<sylvan_nids@norf
olk.nf> To
Sent by: <lab...@li...
labrea-users-admi >
n...@li...urcefor cc
ge.net
Subject
[Labrea-users] Newbie. Tarpiting
11/01/2005 07:57 based on dst port. (53)
PM
Please respond to
"Sylvan Andrew"
<sylvan_nids@norf
olk.nf>
Hello,
I'm new to LeBrea but it looks great. Could anyone please advise me if
it's possible to do the following ?
Would it be possible to tarpit based on the amount of DNS requests you've
received, from a certain IP over a specified time limit ? As in something
like if more than 3 DNS requests a second from the same IP = Tarpit Them.
If this is possible could anyone please give an example command of what
this would look like ?
Thanks very much !
Regrads
Sylvan Andrew
BEGIN-ANTISPAM-VOTING-LINKS
------------------------------------------------------
NOTE: This message was auto-learned as non-spam. If this is wrong,
please correct the training as soon as possible.
Teach CanIt if this mail (ID 33955635) is spam:
Spam:
https://www.spamtrap.odu.edu/b.php?c=s&i=33955635&m=c2b124cc5e29
Not spam:
https://www.spamtrap.odu.edu/b.php?c=n&i=33955635&m=c2b124cc5e29
Forget vote:
https://www.spamtrap.odu.edu/b.php?c=f&i=33955635&m=c2b124cc5e29
------------------------------------------------------
END-ANTISPAM-VOTING-LINKS
|
