Iptables(8) TARPIT is a useful security mechanism that can slow down or stop attacks on a network. If everyone used TARPIT to block attackers, in theory their resources would be exhausted as their connection attempts would be delayed, which would discouraged people from attempting unauthorized access. Here's a brief description of how TARPIT works:
To achieve this tar pit state, iptables accepts the incoming TCP/IP connection and then switches to a zero-byte window. This forces the attacker's system to stop sending data, rather like the effect of pressing Ctrl-S on a terminal. Any attempts by the attacker to close the connection are ignored, so the connection remains active and typically times out after only 12–24 minutes. This consumes resources on the attacker's system but not