Request target TARPIT support in kernel
Bug #78361 reported by
Ketil Malde
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Won't Fix
|
Low
|
Unassigned | ||
linux-source-2.6.17 (Ubuntu) |
Won't Fix
|
Undecided
|
Unassigned | ||
linux-source-2.6.22 (Ubuntu) |
Won't Fix
|
Low
|
Unassigned |
Bug Description
Netfilter provides patch-o-matic patches that adds a target TARPIT that
sabotages network connections, which is useful in slowing down attackers
of various kinds. It'd be great to have this support in the kernel.
And, incidentally, the current iptables shipped with Edgy exhibits
the following behaviour:
% sudo iptables -A INPUT -p tcp --dport 135 -j TARPIT
Password:
iptables: Unknown error 4294967295
No big deal, but not really nice either.
-k
Changed in linux-source-2.6.17: | |
status: | Invalid → Won't Fix |
Changed in linux (Ubuntu): | |
status: | Incomplete → New |
To post a comment you must log in.
I have confirmed the behaviour on Edgy. On Edgy /lib/iptables/ libipt_ TARPIT. so exists but add an iptables rule with the destination of tarpit errors with "iptables: Unknown error".
However, on Dapper /lib/iptables/ libipt_ TARPIT. so exists but the error is more informative. "iptables: No chain/target/match by that name"
Subsequently this seems to be a regression.