On 09/22/2010 12:46 PM, David Fogel wrote: > Ideally we would like to > find a solution that not only reduces our resource utilization, but > perhaps increases the attacker's cost in some manner, so they are more > likely to move on and leave our servers alone.
I haven't paid much attention to this area lately, but when I last was a lot of this traffic was from script kiddies and bots doing large scans, both of whom are mostly insensitive to time and/or resource consumption. I suspect that doing anything that actually got their attention would increase the level of probing, not reduce it. In your shoes I might filter some of the more obvious cruft, but otherwise I'd just work to make the application behave sensibly in the face of whatever the Internet is throwing at it. The bots you're seeing now are just the beginning, and even if you get the obvious ones, you still won't be able to all of them. To say nothing of all the weird and/or broken clients out there. William ------------------------------------------------------ http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2663462
