
Re: new, not nice web bots disposal



On Wednesday 26 February 2020 23:25:53 Lee wrote:

> On 2/26/20, Gene Heskett <gheskett@shentel.net> wrote:
> > On Wednesday 26 February 2020 16:00:35 tomas@tuxteam.de wrote:
> >> On Wed, Feb 26, 2020 at 09:54:09PM +0300, Reco wrote:
> >> > 	Hi.
> >> >
> >> > On Wed, Feb 26, 2020 at 01:50:40PM -0500, Lee wrote:
> >>
> >> [...]
> >>
> >> > > Have you considered REJECT instead of DROP?
> >> >
> >> > A neat idea for your LAN. A bad idea in this case.
> >>
> >> Exactly.
> >>
> >> > You *want* that other side to retry, wasting their time instead
> >> > of spamming their target. In fact, one should consider using
> >> > TARPIT instead of a DROP here.
> >
> > My copy of iptables-extensions makes zero mention of TARPIT.
> >
> >> Moreover: you don't want the other side to even know that you're
> >> there. The less info you give away the better.
> >
> > My reasoning too.
>
> You're advertising your web server in your sig.  The "other side"
> ALREADY KNOWS you have a web server there.
>
This is true...

> If you're going to advertise your presence on the web it seems
> pointless to pretend that you're not there.  And the bots you'd be
> REJECTing are the ones that have ignored your robots.txt file, so why
> not just tell them to go away instead of putting up with their
> retries?

What if they ignore that RST too?

> > I'd much druther be a black hole that doesn't even have
> > any Hawking Radiation. But I've no info that such a beast exists
> > anyplace in the universe. There is info in the fact of there not
> > being any response.
> >
> >> In a LAN, however, REJECT is far better: you want the other side
> >> to know that you're there, but not talking.
> >
> > I'd call this a WAN since it's intended to go out on the internet.
> > And I am the only user inside this LAN.
> >
> > In that event, and given that a /24 rule caught them, how many out
> > of that /24 get the reject message?
>
> However many hit the REJECT rule.  The iptables rule is going to send
> a RST to anything in that /24 that tries to access your server.  The
> other hosts in that /24 that aren't trying to access your server won't
> get anything from you.

Good, you guys are beginning to make sense. Done.

> Regards,
> Lee


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>
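The two rule styles the thread argues over, as an added example that is not code from anyone in the thread: one /24 blocked on the web port with DROP (silent, the bot keeps retransmitting) versus REJECT with a TCP reset (an RST goes back only to the hosts that actually hit the rule). The offending addresses, the port (80) and the dry-run default are constructed assumptions; applying the rules for real needs root.

```python
"""Build iptables rules that block abusive web bots by /24: DROP versus
REJECT --reject-with tcp-reset, as discussed in the thread."""
import ipaddress
import subprocess

# Constructed sample: addresses seen ignoring robots.txt (documentation ranges).
OFFENDERS = ["203.0.113.7", "203.0.113.200", "198.51.100.42"]


def aggregate_slash24(addresses):
    """Collapse individual IPv4 addresses into the /24 networks containing them."""
    nets = {ipaddress.ip_network(f"{a}/24", strict=False) for a in addresses}
    return sorted(nets)


def build_rule(network, port=80, action="REJECT"):
    """Return the iptables command (as argv) for one /24.

    action="DROP"   -> packets vanish; the bot retransmits until it times out.
    action="REJECT" -> a TCP RST goes back only to hosts that actually hit
                       the rule, so the rest of the /24 hears nothing from us.
    """
    argv = ["iptables", "-I", "INPUT", "-s", str(network),
            "-p", "tcp", "--dport", str(port), "-j", action]
    if action == "REJECT":
        argv += ["--reject-with", "tcp-reset"]  # RST instead of ICMP unreachable
    elif action != "DROP":
        raise ValueError("action must be DROP or REJECT")
    return argv


def apply_rules(addresses, port=80, action="REJECT", dry_run=True):
    """Generate one rule per /24; execute only when dry_run is False (needs root)."""
    cmds = [build_rule(n, port, action) for n in aggregate_slash24(addresses)]
    if not dry_run:
        for argv in cmds:
            subprocess.run(argv, check=True)
    return cmds


if __name__ == "__main__":
    # Dry run: show the REJECT rules next to their DROP counterparts.
    for argv in apply_rules(OFFENDERS) + apply_rules(OFFENDERS, action="DROP"):
        print(" ".join(argv))
```

After the rules are live, `iptables -L INPUT -v -n` shows per-rule packet counters, which is the only count of how many hosts in the /24 actually received a reset.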

