A ‘Tarpit’ That Traps Worms
Technology News from Wired News – A ‘Tarpit’ That Traps Worms.
Network administrators now have a hacking tool that can help them strike back at malicious attackers.
“LaBrea” is a free, open-source tool that deters worms and other hack attacks by transforming unused network resources into decoy-computers that appear and act just like normal machines on a network. But when malicious hackers or mindless worms such as Nimda or Code Red attempt to connect with a LaBrea-equipped system, they get sucked into a virtual tarpit that grabs their computer’s connection — and doesn’t release it.
Worms trapped in the tarpit are unable to move along to infect other computers. Stuck hackers first waste their time flailing away at a non-existent machine; they are then forced to shut down their hacking program or computer to escape.
[ … ]
LaBrea does need a really big playground to operate effectively. Elias Levy, Chief Technical Officer at Security Focus, a security news site, calculated that on smaller networks the odds of LaBrea being able to efficiently capture and trap worms isn’t very good. The larger the network, the greater the chance of success.
“For a tool like (LaBrea) to even make a dent into the infection rate of a worm, you would need to monitor an address space of the same size as a (class B) network,” Levy said. “That’s 65,536 addresses.”
