Saturday, September 19, 2015

What is a Tarpit and how does it improve security?





What is a Tarpit?


A tarpit is a security mechanism against computer worms and network abuses like spamming. It acts by purposefully delaying network connections, so that attacks become less attractive to attackers. The concept is analogous to a tar pit, where animals get bogged down and slowly sink under the surface.



How does a Tarpit work?


Tarpits can work in different ways:


  • Tarpits can work by delaying the authentication procedure when a user gives an invalid password. The response time becomes so long that attackers find it less attractive to break the authentication system by trying various passwords.
  • Another example is increasing the transfer time of all emails by a few seconds by delaying the initial greeting message. It does not make much difference to a legitimate user if sending an email takes a few seconds longer, but it affects spammers because of the high volume of emails they send.
  • Some email systems delay only known spammers, using a special-purpose daemon, so that the spammers either end up spending a lot of time spamming or give up.
  • Another idea is greylisting. In this case, if a connection request comes from a previously unseen IP address, the first connection is refused. A legitimate user will try again, but a spammer will be discouraged, since most spammers make only one connection attempt.
  • Sometimes a spam filter even tries to guess whether a message is going to be spam and adds a delay if so. The more likely the message is to be spam, the longer the delay.
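
The first item in the list above (delaying the response after an invalid password), as an added example that is not part of the original post: a per-client delay that doubles with each consecutive failure. The names `LoginTarpit` and `check_login`, the doubling schedule, and the `base`, `cap` and `forget_after` values are assumptions chosen for illustration.

```python
import time

class LoginTarpit:
    """Delay that doubles with each consecutive failed login from one client."""

    def __init__(self, base=1.0, cap=60.0, forget_after=900.0, clock=time.monotonic):
        # base, cap and forget_after are illustrative assumptions, not values from the post.
        self.base = base                  # seconds of delay after the first failure
        self.cap = cap                    # upper bound, so a user who mistypes is never stuck for long
        self.forget_after = forget_after  # quiet period after which old failures are dropped
        self.clock = clock
        self._failures = {}               # key -> (consecutive failures, time of last failure)

    def _count(self, key):
        count, last = self._failures.get(key, (0, 0.0))
        if count and self.clock() - last > self.forget_after:
            del self._failures[key]       # expire stale entries so the table does not grow forever
            return 0
        return count

    def delay_for(self, key):
        """Seconds to wait before answering the next attempt from `key`."""
        count = self._count(key)
        if count == 0:
            return 0.0                    # no recent failures: legitimate users see no delay
        exponent = min(count - 1, 32)     # bound the exponent so the float math cannot overflow
        return min(self.cap, self.base * 2 ** exponent)

    def record(self, key, success):
        if success:
            self._failures.pop(key, None) # a correct password clears the penalty
        else:
            self._failures[key] = (self._count(key) + 1, self.clock())


def check_login(tarpit, key, password_ok, sleep=time.sleep):
    """Delay the response, then record the outcome. Returns the delay applied."""
    delay = tarpit.delay_for(key)
    sleep(delay)  # a real server would use a non-blocking timer so waiting does not tie up a worker
    tarpit.record(key, password_ok)
    return delay


if __name__ == "__main__":
    tarpit = LoginTarpit(cap=8.0)
    client = "198.51.100.7"               # constructed sample address (documentation range)
    for attempt in range(1, 7):
        waited = check_login(tarpit, client, password_ok=False, sleep=lambda s: None)
        print(f"attempt {attempt}: response delayed {waited:.0f}s")
```

A client that logs in correctly on the first try is never delayed, while a client guessing passwords waits longer after every miss until the cap is reached.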



So the basic idea is that a delay in making connections, in authentication procedures or in email transfer time does not make as much difference to a legitimate user as it does to a spammer. That is the psychology behind tarpits. Hope this helps.


