LaBrea
LaBrea@Home


"LaBrea gives its users a tactical advantage over 'zombie' computers like those compromised by the Code Red worms. The computer security industry will find it a very intriguing utility." -- Rob Rosenberger, editor, Vmyths.com


 
What is it?

LaBrea@Home is a version of the original network administrator's tool "LaBrea" for home use. The executable lb@home.exe can be run on any Windows machine.

LaBrea is a way to combat both port scanners and worms such as Code Red and Nimda. The original network administrator's "LaBrea" creates phantom machines which hold scanners and worms in a sort of "tarpit", luring them in, and holding onto their communications with what they think are real machines.

LaBrea@Home uses your own connection's IP to do the same thing. It monitors incoming connection attempts by scanners and worms and tarpits them in the same fashion.

System Requirements

  • LaBrea@Home has been tested on Windows 98 and Windows 2K. It will most likely run on any version of Windows from Windows 95 OSR2 onward, including Windows NT4, Windows 98, Windows 98SE and Windows 2K/XP.
  • An Ethernet adapter. You will be able to see the traffic with PPP adapters but you will not be able to tarpit it. HackBusters is working (HARD!) on making LaBrea@Home work with Microsoft's (how should we put it... uh... uh...) "unusual" PPP adapter.
  • A firewall such as Zone Alarm, Zone Alarm Pro or Tiny Firewall.
  • LaBrea@Home requires the "packet" libraries available from The University of Torino. HackBusters STRONGLY suggests that you DO NOT install these by running the install application from this site. The install application is known to overwrite system files in some circumstances. This application (WinPcap.exe) is actually an executable .zip file. HackBusters suggests that you simply open this file using WinZip (or another zip application) and extract the necessary files by hand. The files needed should be placed in the /windows/system directory.

    • For Win95/98/ME: packet.dll and packet.vxd
    • For WinNT: packetnt.dll (should be renamed packet.dll) and packetnt.sys (should be renamed packet.sys).
    • For Win2K: packetnt.dll (should be renamed packet.dll) and packet2k.sys (should be renamed packet.sys).

How to use it
LaBrea@Home is as nearly idiot-proof as an application can get. (All you idiots out there: THIS IS NOT A CHALLENGE!) Fire it up, choose your Ethernet adapter from the list, and you're off! It sits in your system tray and does its thing! Double-click on the icon, and it pops up to show you a list of who you're holding. Use the menu to close the adapter and to exit.

How It Works
LaBrea@Home watches your incoming traffic on port 80. This is where worms such as Code Red and Nimda will try to connect with you. These worms look for Microsoft IIS servers and, if they can establish a connection, will try to send over their "payload".

When LaBrea@Home sees such incoming traffic, it relies on your firewall to pre-empt the reset which your Microsoft TCP/IP stack would otherwise generate, and then LaBrea@Home "completes" the connection by sending specially crafted packets to the worm.

The other end is lured into thinking it has a genuine connection on port 80 and then prepares to send its payload. But LaBrea@Home will then instruct the other end to wait by setting what is known as the TCP "window" to zero and replying the same way each and every time the other end attempts to send information.

The other end - the scanner or worm - will then be held up forever, or until LaBrea@Home releases it.

Note: Version 1.0 only responds to connection attempts on port 80.
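
The replies described above can be sketched as follows. This is an added example, not LaBrea@Home's own code: it only builds TCP header bytes and sends nothing, and the initial sequence number and the small first window are assumptions.

```python
import struct
from ipaddress import IPv4Address

SYN, RST, ACK = 0x02, 0x04, 0x10
TARPIT_PORT = 80      # the page: version 1.0 only answers on port 80
OUR_ISN = 0x1000      # constructed; a real responder would randomise this
FIRST_WINDOW = 5      # assumed small window advertised in the SYN/ACK

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over 16-bit big-endian words."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def pseudo_header(src: str, dst: str, tcp_len: int) -> bytes:
    """IPv4 pseudo-header that the TCP checksum also covers (protocol 6)."""
    return (IPv4Address(src).packed + IPv4Address(dst).packed
            + struct.pack("!BBH", 0, 6, tcp_len))

def build_tcp(src, dst, sport, dport, seq, ack, flags, window) -> bytes:
    """Pack a 20-byte TCP header without options and fill in its checksum."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                      5 << 4, flags, window, 0, 0)
    csum = checksum(pseudo_header(src, dst, len(hdr)) + hdr)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:]

def tarpit_reply(peer_ip, our_ip, segment: bytes):
    """Return the TCP header to answer an inbound segment with, or None."""
    sport, dport, seq, _ack, off, flags, _win = struct.unpack(
        "!HHIIBBH", segment[:16])
    if dport != TARPIT_PORT or flags & RST:
        return None
    payload_len = len(segment) - (off >> 4) * 4
    if flags & SYN and not flags & ACK:
        # "Complete" the connection: SYN/ACK that acknowledges the peer's SYN.
        return build_tcp(our_ip, peer_ip, dport, sport, OUR_ISN,
                         (seq + 1) & 0xFFFFFFFF, SYN | ACK, FIRST_WINDOW)
    if flags & ACK and payload_len > 0:
        # The peer is trying to send: accept nothing (ack stays at its seq)
        # and advertise window 0, identically for every retry or probe.
        return build_tcp(our_ip, peer_ip, dport, sport,
                         (OUR_ISN + 1) & 0xFFFFFFFF, seq, ACK, 0)
    return None
```

Because the zero-window reply never acknowledges the peer's bytes, the sender keeps them queued and keeps probing, which is what holds it in place.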

How much?
LaBrea@Home is free for personal use. If you're interested in licensing it for use by a government agency or a business, contact HackBusters.

Also included is absolutely no warranty (look real hard... you won't find one). We have no reason to believe that LaBrea@Home will do anything bad to your system or your internet connection (it should actually HELP your internet connection...).

But if somehow LaBrea@Home makes your computer blow up, sets your cat on fire, turns you sterile, or whatever... we don't want to hear about it because... well... we have problems of our own to deal with.

Download it here or here