The UF Office of Information Technology Newsletter
Security Team Creates "Tar-pit" to Foil Netsky
On April 20th we learned that a new variant of the "Netsky" e-mail virus, which was spreading across the Internet, had been programmed to attack a UF Health Science Center website. Beginning on April 28th, every Netsky.X-infected computer in the world would join in the attack.
We considered several options, but because we wanted to stop the attack without also blocking legitimate users of the site, we chose an experimental technique called a "tarpit." The tarpit traps attackers and tries to slow down their connections, as if they were stuck in tar. This keeps them tied up and unable to launch as many attacks; meanwhile, legitimate users are redirected to the real website.
Chuck Logan wrote the tarpit software and Jordan Wiens configured the server; others in Network Services offered valuable help. As the traffic increased, we were forced to continuously rewrite the software for greater performance. At the peak of the attack, 52 million packets (or 3.1 gigabytes) per hour were directed at the tarpit.
The tarpit was a success; we kept user service going through most of the attack, and learned valuable lessons that can be shared with others in the Internet community.