mirror of
git://git.code.sf.net/p/xtables-addons/xtables-addons
synced 2025-09-06 12:45:13 +02:00
19 lines
941 B
Groff
+Causes confusion on the other end by doing odd things with incoming packets.
+CHAOS will randomly reply (or not) with one of its configurable subtargets:
+.TP
+\fB--delude\fR
+Use the REJECT and DELUDE targets as a base to do a sudden or deferred
+connection reset, fooling some network scanners to return non-deterministic
+(randomly open/closed) results, and in case it is deemed open, it is actually
+closed/filtered.
+.TP
+\fB--tarpit\fR
+Use the REJECT and TARPIT target as a base to hold the connection until it
+times out. This consumes conntrack entries when connection tracking is loaded
+(which usually is on most machines), and routers inbetween you and the Internet
+may fail to do their connection tracking if they have to handle more
+connections than they can.
+.PP
+The randomness factor of not replying vs. replying can be set during load-time
+of the xt_CHAOS module or during runtime in /sys/modules/xt_CHAOS/parameters.
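
Review bot: The sysfs path in the final sentence, /sys/modules/xt_CHAOS/parameters, is wrong: module parameters are exposed under /sys/module/ (singular), so it should read /sys/module/xt_CHAOS/parameters. That sentence should also name the parameter that sets the reply probability and state its default, since an operator cannot tune it from the man page as written. In the --tarpit entry, "REJECT and TARPIT target" should be "targets" to match the --delude entry, "inbetween" should be "in between", and the conntrack remark should say whose table fills up: as worded it reads as the local machine's, which is a cost the administrator deploying the rule needs spelled out.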