dcsimg
Linux Today: Linux News On Internet Time.





More on LinuxToday


Wired: A 'Tarpit' That Traps Worms

Sep 19, 2001, 23:31 (14 Talkback[s])
(Other stories by Michelle Delio)

[ Thanks to Tim Rushing and Dennis Powell for this link. ]

"Network administrators now have a hacking tool that can help them strike back at malicious attackers.

"LaBrea" is a free, open-source tool that deters worms and other hack attacks by transforming unused network resources into decoy-computers that appear and act just like normal machines on a network. But when malicious hackers or mindless worms such as Nimda or Code Red attempt to connect with a LaBrea-equipped system, they get sucked into a virtual tarpit that grabs their computer's connection -- and doesn't release it.

Worms trapped in the tarpit are unable to move along to infect other computers. Stuck hackers first waste their time flailing away at a non-existent machine; they are then forced to shut down their hacking program or computer to escape."

Complete Story

Tim writes:

The article doesn't mention it, but the code is GPL'd and runs on Linux.

The article also fails to mention where to find it:

Current list of mirrors as of 2:20pm (EST)

Incidents.org
http://www.incidents.org/LaBrea/

HackBusters
http://www.hackbusters.net/LaBrea/LaBrea.html

FWSystems
http://www.fwsystems.com/build/LaBrea/

Dshield
http://hts.dshield.org/LaBrea/

ThreeNorth
http://www.threenorth.com/LaBrea/