On Tue, Apr 30, 2013 at 08:54:47PM +0200, Lazy wrote:
> mod_security + simple scripts + ipset + iptables TARPIT in the raw table
>
> this way you would be able to block efficiently a very large number of
> IP numbers, using TARPIT will take care of the
> delaying new bot connections at minimal cost (much lower than delaying the
> request in userspace, or even returning some error code)

Note that tarpit is not such a cool strategy anymore once you make a mistake
and hit legitimate traffic. E.g., someone once took down all of Debian's email
handling for a day or so, due to misconfigured tarpitting overloading the server.

/* Steinar */
--
Homepage: http://www.sesse.net/
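An added example, not code from either poster: a guard for the "simple scripts" step that builds `ipset restore` input, refusing any candidate that overlaps an allowlist or is too broad, and giving every entry a timeout so a mistaken block expires without manual cleanup. The set name, timeout, prefix limit and sample addresses are assumptions.

```python
import ipaddress

# Constructed sample data (documentation ranges), not taken from the thread.
ALLOWLIST = ["192.0.2.0/24", "2001:db8:53::/48"]  # e.g. own mail relays, monitoring
CANDIDATES = ["198.51.100.7", "192.0.2.25", "203.0.113.0/28",
              "0.0.0.0/0", "not-an-ip", "198.51.100.7", "192.0.0.0/8"]


def build_restore(candidates, allowlist, set_name="tarpit4",
                  timeout=3600, min_prefix=24):
    """Return (lines for `ipset restore`, rejected [(entry, reason)]), IPv4 only."""
    allowed = [ipaddress.ip_network(a) for a in allowlist]
    # Hypothetical set name; the per-set timeout makes every entry self-expiring.
    lines = [f"create {set_name} hash:net family inet timeout {timeout}"]
    rejected, seen = [], set()
    for raw in candidates:
        try:
            net = ipaddress.ip_network(raw, strict=False)
        except ValueError:
            rejected.append((raw, "unparseable"))
            continue
        if net.version != 4:
            rejected.append((raw, "not IPv4"))
        elif net.prefixlen < min_prefix:
            # One bad feed line must not tarpit a whole /8 or the internet.
            rejected.append((raw, "prefix too broad"))
        elif any(a.version == 4 and net.overlaps(a) for a in allowed):
            rejected.append((raw, "overlaps allowlist"))
        elif net in seen:
            rejected.append((raw, "duplicate"))
        else:
            seen.add(net)
            lines.append(f"add {set_name} {net} timeout {timeout}")
    return lines, rejected


if __name__ == "__main__":
    restore_lines, skipped = build_restore(CANDIDATES, ALLOWLIST)
    print("\n".join(restore_lines))      # pipe this into `ipset restore`
    for entry, reason in skipped:
        print(f"# skipped {entry}: {reason}")
```

Logging the rejected entries is what surfaces a misbehaving feed before it reaches the firewall.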