Everything j2sw

Consulting, Hobbies, life by Justin Wilson


Use tarpit instead of drop

Many firewall scripts, especially for MikroTik, use drop as the action for denying bad-guy traffic. While this isn’t wrong, the tarpit action can be put to better use in rules that block attack traffic.

So what is Tarpit?
Tarpit is fairly simple. Connections that come in and are “tarpitted” don’t go back out. The connection is accepted, but when data transfer begins, the TCP window size is set to zero, so no data can be transferred during the session. The session is held open, and requests from the sender (aka the attacker) to close it are ignored. The sender must wait for the connection to time out.

So what’s the downside?
TCP is not really designed to hold onto a connection, so tarpitting can be additional overhead on a taxed system. Most modern firewalls can handle it without an issue.

How can I use it?
If you have scripts, such as the SSH drop script from the MikroTik wiki, simply change the action from “drop” to “tarpit”.
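
The change described above, applied to a staged SSH brute-force rule set in RouterOS syntax. This is an added example, not the wiki's script or code from the original post; the address-list names, timeouts and comment text are assumptions.

```routeros
# Added example: staged SSH brute-force lists with tarpit on the blocking rule.
# List names (ssh_stage1..3, ssh_blacklist) and timeouts are assumptions.
/ip firewall filter

# Blocking rule. The drop form differs only in its action:
#   add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop
# tarpit only applies to TCP, so keep protocol=tcp in the match.
add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist \
    action=tarpit comment="tarpit ssh brute forcers"

# A source already in stage 3 opens another new connection:
# move it to the blacklist for 10 days.
add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage3 action=add-src-to-address-list \
    address-list=ssh_blacklist address-list-timeout=10d

# A source already in stage 2 opens another new connection: promote to stage 3.
add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage2 action=add-src-to-address-list \
    address-list=ssh_stage3 address-list-timeout=1m

# A source already in stage 1 opens another new connection: promote to stage 2.
add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage1 action=add-src-to-address-list \
    address-list=ssh_stage2 address-list-timeout=1m

# First new SSH connection from a source: remember it for one minute.
add chain=input protocol=tcp dst-port=22 connection-state=new \
    action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m

# Rules that match non-TCP traffic (UDP, ICMP) stay on action=drop.
```

Rule order matters: the tarpit rule sits first so blacklisted sources are caught before the staging rules see them. Each tarpitted session is held open on the router, which is the overhead described above.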