On Fri, Dec 04, 2020 at 11:02:48AM -0500, Gene Heskett wrote: [...] > Sounds like a good idea, I'll have to think about it, feed the bots in > 256 byte pieces every 5 seconds to keep them from timing out, with 256 > bytes from rnd mixed in to make a dos packet? :) Just be sure the crc is > good. ;-) There used to be a firewall thingmajig doing tarpit. Ah, nftables also has an addon for that. That said, it's eating resources on your side too, and chances are that almost every resource, from CPU power to electrical power is cheaper on the other side. The best strategy, therefore, seems to be DROP. This, at least, lets the other side wondering whether an answer is coming for as long as their timeout is -- and even unsure about whether their victim is there at all. Revenge may taste enticing, but isn't always the wisest adviser. Cheers - t
Attachment:
signature.asc
Description: Digital signature