You are currently browsing the Blog weblog archives for the day 20. February 2007.
- IIS (1)
- Open Source (1)
- Performance (4)
- Personal (3)
- Powershell (1)
- SQL (1)
- SQL Server (21)
- T-SQL (15)
- Uncategorized (6)
- Utilities (5)
- Windows OS (14)
- 14. April 2011: Deduplicating files with LogParser and SQL Server
- 25. February 2011: The final voyage of the USNS H. H. Hess
- 16. February 2011: Free SQL Server training videos
- 23. August 2010: Alert for long-running SQL datbase backups
- 7. April 2010: Learning SMO & Powershell
- 25. February 2010: SQL Generators for moving database files
- 28. January 2010: Index to Filegroup mapping
- 20. January 2010: PowerShell Script to Clean Up Old Files Based on Age
- 7. January 2010: Quick & Dirty way to identify orphan files
- 29. July 2009: Trigger Mass Enable / Disable
- April 2011
- February 2011
- August 2010
- April 2010
- February 2010
- January 2010
- July 2009
- June 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- August 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- October 2007
- September 2007
- May 2007
- April 2007
- February 2007
Archive for 20. February 2007
Tarpits
20. February 2007 by Bennett.
While working on a client’s Exchange server, I stumbled across an interesting knowledgebase article: SMTP tar pit feature for Microsoft Windows Server 2003. Tarpits insert a delay into certain SMTP communications that are associated with spam or with other unwanted traffic. They work by slowing all responses that contain SMTP protocol 5.x.x error codes. For the Microsoft SMTP server the delay value is configurable. There are some caveats as to whether or not this will be effective in your environment and whether or not it will slow legitimate traffic. It is definitely worth checking out.
On a related note, it would be interesting to put a LaBrea Tarpit on the top and bottom IPs of an Internet facing subnet. For example, if I owned subnet 207.103.204.0/24, I would bind addresses 207.103.204.1 and 207.103.204.254 to a LaBrea host. Zombie computers often do linear address space scans looking for victim machines. Having a tarpit at either end of the subnet could could significantly slow zombie activity. It would also tend to clean up much of that junk that you see in your HTTP or IDS logs.
Posted in Windows OS | Print | No Comments »