by nicoboo 1011 days ago
466 vs transparently slow the response (exponential throttling)? To avoid having auto reconnecting behavior? Maybe both.
2 comments

Like a Slowloris attack, but from the server side? I like it! I've been using a mostly-Apache setup for ages, but thinking about how it might be fun to implement something lightweight for my VPS that includes a variety of ways to mess with those sending unwanted requests. I suppose ModSecurity could get me most of the way there without having to reinvent everything.
If you're still on iptables, you can TARPIT traffic using firewall rules that will essentially do that. nftables doesn't have tarpitting just yet, I believe.

If you want to annoy SSH brute forcing bots, endlessh is a dedicated tool for SSH connections. There are other tools for other dedicated protocols as well.

Cool, thanks! I do use fail2ban on my VPSs fairly liberally, so filling any one log with too much noise will trigger an hours-long ban for the IP.

What I liked about the application-level interference is that you can do something more subtle than a block, while still feeding them nonsense, slowly.

My second thought was utilizing some Node.js Express reverse proxy -- with some kind of rate-limiting slow down, but the attack stopped and I moved on to something else.
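One way to build the "rate-limiting slow down" the comment above has in mind, as an added example that is not from the thread or from Express: a per-client exponential delay that keeps serving the request, only later and later. Express is assumed as the host (the standard `(req, res, next)` middleware signature), `req.ip` is assumed to be the real client address (set Express's `trust proxy` when behind another proxy), and all numeric defaults are assumptions.

```javascript
// Per-client exponential throttle (added example; not code from the thread).
// The first `freeRequests` hits per window are served immediately; each hit
// beyond that doubles the delay, capped at maxDelayMs so the server is not
// the one that ends up holding thousands of timers forever.
class ExponentialThrottle {
  constructor({ windowMs = 60000, freeRequests = 30, baseDelayMs = 250,
                maxDelayMs = 30000, maxTracked = 10000, now = Date.now } = {}) {
    Object.assign(this, { windowMs, freeRequests, baseDelayMs, maxDelayMs, maxTracked, now });
    this.hits = new Map(); // key -> { windowStart, count }
  }

  // Record one request for `key` and return the delay (ms) to apply to it.
  delayFor(key) {
    const t = this.now();
    let entry = this.hits.get(key);
    if (!entry || t - entry.windowStart >= this.windowMs) {
      if (this.hits.size >= this.maxTracked) this.prune(t); // bound memory
      entry = { windowStart: t, count: 0 };
      this.hits.set(key, entry);
    }
    entry.count += 1;
    const excess = entry.count - this.freeRequests;
    if (excess <= 0) return 0;
    return Math.min(this.baseDelayMs * 2 ** (excess - 1), this.maxDelayMs);
  }

  // Drop entries whose window has expired.
  prune(t) {
    for (const [key, e] of this.hits) {
      if (t - e.windowStart >= this.windowMs) this.hits.delete(key);
    }
  }

  // Express-style middleware: hold the request for the computed delay, then
  // continue to the real handler. If the client hangs up first, cancel the
  // timer so abandoned connections do not pile up server-side.
  middleware() {
    return (req, res, next) => {
      const delay = this.delayFor(req.ip); // assumes trust proxy is configured
      if (delay === 0) return next();
      const timer = setTimeout(next, delay);
      res.on('close', () => clearTimeout(timer));
    };
  }
}
```

With Express you would wire it in as `app.use(new ExponentialThrottle().middleware())` ahead of the proxy handler; the delay is invisible to a well-behaved client that stays under the free allowance.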