What is a Tarpit?
A tarpit is a security mechanism against computer worms and network abuse such as spamming. It works by purposefully delaying network connections, so that attacks become less attractive to attackers. The concept is analogous to a tar pit, where animals get bogged down and slowly sink under the surface.
How does a Tarpit work?
Tarpits can work in different ways:
- Tarpits can work by delaying the authentication procedure when a user gives an invalid password. The response time becomes so long that attackers find it less attractive to try breaking the authentication system with various passwords.
- Another example is increasing the transfer time of all emails by a few seconds by delaying the initial greeting message. It does not make much difference to a legitimate user if sending an email takes a few seconds longer, but it affects spammers because of the high volume of emails they send.
- Some email systems delay only known spammers, using a special-purpose daemon, so that the spammers either end up spending a lot of time on spamming or give up.
- Another idea is greylisting. In this case, if a connection request comes from a previously unseen IP address, the first connection is refused. A legitimate user will try again, but a spammer will be discouraged, since most spammers make only one connection attempt.
- Sometimes a spam filter even tries to guess whether a message is going to be spam and adds a delay if so. The more likely the message is to be spam, the longer the delay.
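The sketch below is an added example, not code from the original article: it shows three of the policies above (delay after failed logins, greylisting by IP, delay scaled by spam likelihood) as one small decision class. The class name, the default values, the doubling schedule and the linear spam scaling are all assumptions made for illustration.

```python
import time

class Tarpit:
    """Returns how long to stall a client; the caller performs the wait."""

    def __init__(self, base=1.0, cap=30.0, retry_after=60.0, clock=time.monotonic):
        # All three values are assumed defaults, not figures from the article.
        self.base = base                # delay after the first failed login, seconds
        self.cap = cap                  # upper bound on any single delay
        self.retry_after = retry_after  # greylist: wait required before a retry passes
        self.clock = clock
        self.failures = {}              # ip -> consecutive failed logins
        self.first_seen = {}            # ip -> time of the first, refused connection

    def auth_delay(self, ip, success):
        """Delay before answering a login; doubles with each consecutive failure."""
        if success:
            self.failures.pop(ip, None)
            return 0.0
        n = self.failures[ip] = self.failures.get(ip, 0) + 1
        # Clamp the exponent so a very long run of failures cannot overflow.
        return min(self.cap, self.base * 2 ** min(n - 1, 16))

    def greylist(self, ip):
        """True = accept. An unseen IP is refused until retry_after has elapsed."""
        now = self.clock()
        return now - self.first_seen.setdefault(ip, now) >= self.retry_after

    def spam_delay(self, score):
        """Greeting delay that grows with a spam likelihood in [0, 1]."""
        return self.cap * max(0.0, min(1.0, score))

if __name__ == "__main__":
    now = [0.0]                         # constructed clock so the demo is instant
    tp = Tarpit(clock=lambda: now[0])
    bad = "198.51.100.7"                # constructed address (documentation range)
    print([tp.auth_delay(bad, False) for _ in range(7)])
    print(tp.greylist("203.0.113.9"))   # first contact: refused
    now[0] = 61.0
    print(tp.greylist("203.0.113.9"))   # retry after the window: accepted
    print(tp.spam_delay(0.5))
```

In a real service the returned delay should be served with a non-blocking timer so stalled clients do not exhaust worker threads, and both dictionaries need expiry so they cannot grow without bound.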
So the basic idea is that a delay in making connections, in authentication procedures or in email transfer time does not make as much difference to a legitimate user as it does to a spammer. That's the psychology behind tarpits. Hope this helps.