[linux-elitists] web server software for tarpitting?

Robert Edmonds edmonds@debian.org
Mon Feb 11 10:38:59 PST 2008

On 2008-02-11, Gerald Oskoboiny <gerald@impressive.net> wrote:
> The other day we posted an article [1] about excessive traffic
> for DTD files on www.w3.org: up to 130 million requests/day, with
> some IP addresses re-requesting the same files thousands of times
> per day. (up to 300k times/day, rarely)
> The article goes into more details for those interested, but the
> solution I'm thinking will work best (suggested by Don Marti
> among others) is to tarpit the offenders.

I have no experience with application layer tarpitting, but for
extremely persistent IP addresses I'd suggest TCP zero window tarpitting
-- this can hang a TCP connection for 12-24 minutes or so with only a
few packets.  Check out the iptables TARPIT and ipset modules; relevant
Debian packages are netfilter-extensions and ipset.

Robert Edmonds
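
An added example, not part of the original post: one way to feed the ipset/TARPIT setup suggested above, by turning a web access log into input for `ipset restore`. The set name `tarpit`, the timeout, the thresholds, the Common Log Format layout and the sample log lines are assumptions made for this sketch.

```shell
#!/bin/sh
# Build "ipset restore" input from a web access log (added example).
# Assumptions: Common Log Format, IPv4 clients, set name and limits below.
SET_NAME=tarpit      # hypothetical set name
SET_TIMEOUT=86400    # seconds before an entry expires from the set

# offenders LIMIT < access.log
# Prints clients that requested any single path more than LIMIT times.
offenders() {
    awk -v limit="$1" '
        # $1 is the client address, $7 the request path. Only well-formed
        # dotted quads pass, since the value ends up in a firewall command.
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && $7 != "" {
            if (++hits[$1 SUBSEP $7] == limit + 1) bad[$1] = 1
        }
        END { for (ip in bad) print ip }
    ' | sort
}

# ipset_script LIMIT < access.log
# Emits one "create" line followed by one "add" line per offender.
ipset_script() {
    printf 'create %s hash:ip timeout %s\n' "$SET_NAME" "$SET_TIMEOUT"
    offenders "$1" | while read -r ip; do
        printf 'add %s %s\n' "$SET_NAME" "$ip"
    done
}

# Constructed sample log: one client repeats a request five times,
# another fetches two different files once each.
sample_log() {
    i=0
    while [ "$i" -lt 5 ]; do
        echo '192.0.2.10 - - [11/Feb/2008:10:00:00 -0800] "GET /dtd/a.dtd HTTP/1.1" 200 25'
        i=$((i + 1))
    done
    echo '198.51.100.7 - - [11/Feb/2008:10:00:01 -0800] "GET /dtd/a.dtd HTTP/1.1" 200 25'
    echo '198.51.100.7 - - [11/Feb/2008:10:00:02 -0800] "GET /dtd/b.dtd HTTP/1.1" 200 25'
}

# Load and enforce as root (the TARPIT target needs the netfilter extensions):
#   ipset_script 1000 < access.log | ipset -exist restore
#   iptables -A INPUT -p tcp --dport 80 -m set --match-set tarpit src -j TARPIT
sample_log | ipset_script 3
```

The set timeout lets a client that stops hammering the server drop out of the tarpit on its own, so the list does not need manual pruning.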

