What is a tarpit?
A tarpit is a security mechanism against computer worms and network abuses like spamming. It works by deliberately delaying network connections so that attacks become slow and less attractive to attackers. The concept is analogous to a tar pit, where animals get bogged down and slowly sink under the surface.
How does a tarpit work?
Tarpits can work in the following ways:
- Tarpits can delay the authentication procedure when a user gives an invalid password. The response time becomes so long that attackers find it less attractive to try to break the authentication system by guessing many passwords.
- Tarpits can increase the transfer time of all emails by a few seconds by delaying the initial greeting message. It does not make much difference to a legitimate user if sending an email takes a few seconds longer, but it hurts spammers because of the high volume of emails they send.
- Some email systems delay only known spammers, using a special-purpose daemon, so that the spammers either spend a lot of time sending spam or give up.
- Another idea is greylisting. In this case, if a connection request comes from a previously unseen IP address, the first connection is refused. A legitimate user will try again, but a spammer will get discouraged. Most spammers make only one connection attempt.
- Sometimes, a spam filter even tries to guess whether a message is going to be spam and adds delay accordingly. The more likely the message is to be spam, the longer the delay.
So, the basic idea is that a delay in making connections or authentication procedures or email transfer time does not make so much difference to a legitimate user as it does to a spammer. And that’s the psychology behind tarpits.
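The delayed-authentication tarpit from the list above, as an added example that is not code from the original post: a failed login is answered only after a stall that doubles per source up to a cap, and the simulation compares what that costs a user who mistypes once with what it costs a source guessing 1000 passwords. Keying on source address and the 1-second base, 30-second cap and 15-minute expiry are assumptions, and the traffic is constructed.

```python
import time


class LoginTarpit:
    """Stalls the reply to each failed login; the stall doubles per source up to a cap."""

    def __init__(self, base=1.0, cap=30.0, forget_after=900.0,
                 clock=time.monotonic, sleep=time.sleep):
        # base, cap and forget_after (seconds) are assumed values, not from the post.
        self.base, self.cap, self.forget_after = base, cap, forget_after
        self.clock, self.sleep = clock, sleep
        self.failures = {}  # source -> (consecutive failures, time of the last one)

    def _count(self, source):
        count, last = self.failures.get(source, (0, 0.0))
        # Old failures expire, so one typo is not held against a user forever.
        return 0 if self.clock() - last > self.forget_after else count

    def delay_for(self, source):
        """Seconds the next failed attempt from this source will be stalled."""
        exponent = min(self._count(source), 32)  # bound the power to avoid float overflow
        return min(self.cap, self.base * 2 ** exponent)

    def check(self, source, password_ok):
        """Record one attempt and return the stall applied before answering."""
        if password_ok:
            self.failures.pop(source, None)  # a successful login resets the counter
            return 0.0
        count, delay = self._count(source), self.delay_for(source)
        self.sleep(delay)  # a real server would use a non-blocking timer here
        self.failures[source] = (count + 1, self.clock())
        return delay


def simulate(attempts):
    """Total stall for a list of (source, password_ok) attempts, on a fake clock."""
    now = [0.0]

    def fake_sleep(seconds):
        now[0] += seconds

    tarpit = LoginTarpit(clock=lambda: now[0], sleep=fake_sleep)
    return sum(tarpit.check(source, ok) for source, ok in attempts)


# Constructed traffic: one user who mistypes once, one source guessing 1000 passwords.
USER = [("198.51.100.7", False), ("198.51.100.7", True)]
GUESSER = [("203.0.113.9", False)] * 1000

if __name__ == "__main__":
    print(simulate(USER), simulate(GUESSER))
```

With these assumed settings the user is stalled for one second in total, while the guessing source is stalled for more than eight hours.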
I hope this helps! Interested readers who want to know more about how various malware and cyberattacks work may want to refer to the book “A Guide To Cyber Security.”