jmc <[email protected]> writes:
> block in log quick on $ext_if from <openproxies> to any probability 90%
>
> is because it seems a little bofh-ly to me. and i guess it borders on
> security-through obscurity, which of course is not really security at
> all. but it seems a bit more sinister than just outright blocking, which
> kinda makes me snicker a bit. make the experience painful enough that
> they just go away.

Just as a side-track, nothing to do with pf, I've done a similar thing with a service I'm running. Instead of blocking the bad guys outright, we have a blacklist of people who get randomized results from the application. Not very much, but enough to confuse the hell out of any automated scripts they were using to mess with us and instead of being able to automatically discover that they've been blacklisted, they have to manually verify everything.

Blocking tells the bad guys that they should switch their proxy. Pretending to work while giving wrong results gives them real manual work to do.

//art
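
One way to build the application-side degradation described in the reply above, as an added example that is not part of the original post or the poster's service. It assumes a service that returns an integer; the names, the 25% fraction and the keyed-hash determinism (so a retried request gets the same wrong answer) are all assumptions of this sketch.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample data: documentation ranges (RFC 5737), not real offenders.
BLACKLIST = [ipaddress.ip_network("203.0.113.0/24"),
             ipaddress.ip_network("198.51.100.7/32")]
SECRET = b"rotate-me"      # placeholder key; keep the real one out of source control
DEGRADE_FRACTION = 0.25    # assumed share of answers to falsify ("not very much")


def is_blacklisted(client_ip: str) -> bool:
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in BLACKLIST)


def _keyed_bytes(client_ip: str, query: str) -> bytes:
    # Keyed hash of (client, query): the same request always gets the same
    # treatment, so retrying cannot reveal the tampering, and without the key
    # the client cannot predict which answers were altered.
    msg = client_ip.encode() + b"\x00" + query.encode()
    return hmac.new(SECRET, msg, hashlib.sha256).digest()


def answer(client_ip: str, query: str, true_result: int, audit: list) -> int:
    """Return true_result, or a plausible wrong value for some blacklisted requests."""
    if not is_blacklisted(client_ip):
        return true_result
    digest = _keyed_bytes(client_ip, query)
    # The first 4 bytes decide whether this request is degraded at all.
    if int.from_bytes(digest[:4], "big") / 2**32 >= DEGRADE_FRACTION:
        return true_result
    # The next byte picks a small non-zero offset from -3..-1 and 1..3.
    offset = digest[4] % 6 - 3
    if offset >= 0:
        offset += 1
    # Record every falsified answer so operators can explain odd support tickets.
    audit.append((client_ip, query, true_result, true_result + offset))
    return true_result + offset
```

The audit list matters operationally: a blacklist entry that later turns out to be a false positive is much harder to diagnose when the service was silently returning wrong data.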

