"LaBrea gives its users a tactical advantage over 'zombie' computers like those compromised by the Code Red worms. The computer security industry will find it a very intriguing utility." -- Rob Rosenberger, editor, Vmyths.com
What is it?
LaBrea@Home is a version of the original network administrator's tool "LaBrea" for home use. The executable lb@home.exe can be run on any Windows machine. LaBrea is a way to combat both port scanners and worms such as Code Red and Nimda. The original network administrator's "LaBrea" creates phantom machines which hold scanners and worms in a sort of "tarpit", luring them in, and holding onto their communications with what they think are real machines. LaBrea@Home uses your own connection's IP to do the same thing. It monitors incoming connection attempts by scanners and worms and tarpits them in the same fashion.
System Requirements
How to use it
How It Works
When LaBrea@Home sees such incoming traffic, it relies on your firewall to pre-empt the reset which your Microsoft TCP/IP stack would otherwise generate, and then LaBrea@Home "completes" the connection by sending specially crafted packets to the worm. The other end is lured into thinking it has a genuine connection on port 80 and then prepares to send its payload. But LaBrea@Home will then instruct the other end to wait by setting what is known as the TCP "window" to zero and replying the same way each and every time the other end attempts to send information. The other end - the scanner or worm - will then be held up forever, or until LaBrea@Home releases it.
Note: Version 1.0 only responds to connection attempts on port 80.
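A simplified model of the reply logic described under How It Works, added here as an illustration and not LaBrea@Home's own code. The names, the constructed sequence numbers, and the choice to advertise a zero window already in the SYN-ACK are assumptions; the model only decides and packs replies and sends nothing on the wire.

```python
import struct
from collections import namedtuple

# Hypothetical segment record for this model (not a LaBrea@Home structure).
Seg = namedtuple("Seg", "sport dport seq ack flags window payload_len")
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10
TARPIT_PORT = 80   # version 1.0 only answers connection attempts on port 80
ISN = 0x1000       # constructed initial sequence number for the tarpit side

def tarpit_reply(seg):
    """Return the segment the tarpit answers with, or None to stay silent."""
    if seg.dport != TARPIT_PORT or seg.flags & RST:
        return None
    if seg.flags & SYN and not seg.flags & ACK:
        # "Complete" the handshake so the peer believes port 80 is open.
        return Seg(seg.dport, seg.sport, ISN, seg.seq + 1, SYN | ACK, 0, 0)
    if seg.flags & ACK and seg.payload_len > 0:
        # Data or a window probe: acknowledge nothing new, window stays zero.
        return Seg(seg.dport, seg.sport, seg.ack, seg.seq, ACK, 0, 0)
    return None  # bare ACKs (e.g. the third handshake step) need no answer

def pack_tcp_header(seg):
    """Pack a 20-byte TCP header; the window field sits at bytes 14-15.
    Checksum is left 0 here because it depends on the IP pseudo-header."""
    offset_flags = (5 << 12) | seg.flags  # data offset = 5 words, no options
    return struct.pack("!HHIIHHHH", seg.sport, seg.dport, seg.seq, seg.ack,
                       offset_flags, seg.window, 0, 0)

def bytes_accepted(client_isn, attempts, probe_len=1):
    """Replay a constructed client: handshake, then repeated send attempts.
    Returns how many payload bytes the tarpit ever acknowledged."""
    synack = tarpit_reply(Seg(40000, 80, client_isn, 0, SYN, 65535, 0))
    seq, accepted = client_isn + 1, 0
    for _ in range(attempts):
        probe = Seg(40000, 80, seq, synack.seq + 1, PSH | ACK, 65535, probe_len)
        reply = tarpit_reply(probe)
        accepted += reply.ack - seq   # stays 0: the sender can never advance
    return accepted

if __name__ == "__main__":
    synack = tarpit_reply(Seg(40000, 80, 1000, 0, SYN, 65535, 0))
    print(pack_tcp_header(synack).hex(), bytes_accepted(1000, 5))
```

Because every reply repeats the same acknowledgement number with a zero window, the sender stays in its persist state and keeps probing without ever delivering its payload.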
How much?
Also included is absolutely no warranty (look real hard... you won't find one). We have no reason to believe that LaBrea@Home will do anything bad to your system or your internet connection (it should actually HELP your internet connection...). But if somehow LaBrea@Home makes your computer blow up, sets your cat on fire, turns you sterile, or whatever... we don't want to hear about it because... well... we have problems of our own to deal with.