August 2003 Archives

Tarpits

As of version 1.2.7a, iptables, the netfilter firewall tool, has had a built-in target called TARPIT, but the first I had heard of it was the other day on Security Focus, in an article by Tony Bautts. The TARPIT target is an offshoot of the LaBrea project. The LaBrea project is the brainchild of Tom Liston, and you can read about LaBrea at HackBusters.net and at its new official site at Sourceforge.net. What the TARPIT target does is slow the spread of an infection, presumably so we have more time to react to outbreaks.

The idea is that when an offending scan comes in, we accept the connection and then set it up in such a way that the attacker can't close the connection for 12 to 24 minutes.

We know that the msblaster.exe attack was targeting port 135 to spread. So on interfaces and addresses where we don't expect port 135 traffic we accept the traffic and hang the attacking computer up.

The iptables command would look something like:

iptables -A INPUT -p tcp --dport 135 -j TARPIT

If you run RedHat you'll need to pick up an updated iptables rpm over at gnumonks (www.gnumonks.org), and while you're there, you may want to check out the matching ulogd rpm for packet logging features.

Please don't deploy this in a production environment until you have tested it out first. This could cause some big problems for you if you accidentally misconfigure it. You've been warned, now have fun in the tarpits.
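
One way to keep a TARPIT rule scoped to the interfaces and addresses where port 135 traffic is not expected, as an added example that is not from the original post: the script only prints the iptables commands for review, limits the rule to one interface, and lets trusted networks bypass it. The SERVED_PORTS list, the TARPIT_<port> chain name, eth0 and the 192.0.2.0/24 network are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print (never apply) iptables rules that tarpit one TCP port
# on one interface. SERVED_PORTS, the chain name, eth0 and the sample
# network are assumptions for illustration.

SERVED_PORTS="22 80 443"   # ports this host really serves; never tarpit these

# usage: tarpit_rules IFACE PORT [TRUSTED_CIDR ...]
tarpit_rules() {
    [ $# -ge 2 ] && [ -n "$1" ] || { echo "usage: tarpit_rules IFACE PORT [CIDR ...]" >&2; return 2; }
    iface=$1; port=$2
    shift 2

    # Port must be a plain decimal number in 1..65535.
    case $port in
        ''|0*|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;;
    esac
    if [ "${#port}" -gt 5 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 2
    fi

    # Refuse to tarpit a port that carries legitimate traffic.
    for p in $SERVED_PORTS; do
        if [ "$p" = "$port" ]; then
            echo "refusing: port $port is in SERVED_PORTS" >&2; return 1
        fi
    done

    chain="TARPIT_$port"
    echo "iptables -N $chain"
    # Trusted networks leave the chain before the TARPIT rule is reached.
    for net in "$@"; do
        echo "iptables -A $chain -s $net -j RETURN"
    done
    # TARPIT applies to TCP connections only, so the rule matches -p tcp.
    echo "iptables -A $chain -p tcp -j TARPIT"
    # Only traffic arriving on the named interface is sent to the chain.
    echo "iptables -A INPUT -i $iface -p tcp --dport $port -j $chain"
}

# Review the printed commands before running any of them as root.
tarpit_rules eth0 135 192.0.2.0/24
```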

Big John's CSS explanation

I have been working on a 3 column site which has given me some problems lately. I have looked all over and found some really cool examples. It wasn't until I came across Position is Everything (p.i.e.) that I found the right answer for my situation.

Big John, the author of the site, has a great essay explaining the problems I was facing and some nice simple examples of code which allow me (and you) to overcome these issues fairly easily. I was extremely impressed by the "guest demo" by Holly Bergevin, which shows just how complex one can get with valid CSS.

More on Forms

So even after I fixed the form nested in a paragraph yesterday I had problems. In IE6 under Windows XP the font on the page with the form continued to render differently than the font on other pages, even though both use the same style sheet. I looked all over to find a solution or other mention of this issue.

I ended up over at Velvet Ant's guide to compliant XHTML forms by Lawrence Edwards. It contains detailed explanations of how to construct an XHTML compliant form to use with your favorite CGI program.

My form is fine now, and boy is Velvet Ant a cool name or what?

XHTML form element tip

I've been working on two new sites for my company, JSW4.NET. The one I am coding myself has XHTML and CSS validation links at the bottom of the pages to prove that my code is good and pure. (What a geek!)

On one page I constructed a form for contacting me. (This is something all web site managers should think about. It gets your email addresses out of your pages. I mentioned another trick I use to accomplish this important task in "Sweet Trick" on March 12 this year.)

When I tried to validate the page with the form I got a cryptic error that said something about needing an obj or applet tag. This was confusing to me, and frankly I am still not sure what the error message meant. But I figured out what the actual error was.

Upon further examination, it turns out I had illegally included the form in an in-line context. You can't do that.

A form is a block level element that cannot be included inside of certain other block level elements, in my case a paragraph.

I moved the form outside the paragraph and everything validated fine.

About this Archive

This page is an archive of entries from August 2003 listed from newest to oldest.
