iptables Tarpit - Usage, Pros and Cons
I have implemented a fairly good iptables setup on the servers that I am administering. At the moment, though, I am keeping things fairly straightforward: I accept only what I need to and I reject packets from IPs that show up in my logs doing anything suspicious.
However, I have been reading about the ability of iptables to direct packets to a tarpit, thereby slowing or hindering a potential attacker. It can also, apparently, be used to mask a server's true port signature from scanning to some extent.
Here are my questions:
What is the recommended usage, if any, of tarpits for a typical Linux web-server?
What are the pros and cons of using tarpits? (For example, do they use up server resources? So far I have been reading what looks to be conflicting information on that subject.)
Any info on this would be greatly appreciated.