by tlavoie 1015 days ago
Like a Slow Loris attack, but from the server side? I like it! I've been using a mostly-Apache setup for ages, but thinking about how it might be fun to implement something lightweight for my VPS, that includes a variety of ways to mess with those sending unwanted requests. I suppose ModSecurity could get me most of the way there without having to reinvent everything.

If you're still on iptables, you can TARPIT traffic using firewall rules that will essentially do that. nftables doesn't have tarpitting just yet, I believe.

If you want to annoy SSH brute forcing bots, endlessh is a dedicated tool for SSH connections. There are other tools for other dedicated protocols as well.

Cool, thanks! I do use fail2ban on my VPSs fairly liberally, so filling any one log with too much noise will trigger an hours-long ban for the IP.

What I liked about the application-level interference is that you can do something more subtle than a block, while still feeding them nonsense, slowly.
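
An added example, not part of any comment in this thread and not endlessh's own code: a minimal Python sketch of the SSH tarpit idea mentioned above, which slowly drips random pre-banner lines that a client has to read before it ever sees a version string. The port (2222), delay, and line length are assumed values, and `banner_line` and `tarpit` are hypothetical names.

```python
import asyncio
import random

MAX_LINE = 32          # assumed cap; short lines keep bandwidth cost near zero
DELAY_SECONDS = 10.0   # assumed pause between lines


def banner_line(rng: random.Random, max_len: int = MAX_LINE) -> bytes:
    """Return one random line an SSH client must skip while waiting for the banner.

    RFC 4253 section 4.2 allows a server to send other lines before its
    version string, provided they do not begin with "SSH-".
    """
    length = rng.randint(3, max_len - 2)            # leave room for CRLF
    body = bytes(rng.randint(32, 126) for _ in range(length))
    if body.startswith(b"SSH-"):                    # would end the pre-banner phase
        body = b"X" + body[1:]
    return body + b"\r\n"


async def tarpit(reader, writer, delay=DELAY_SECONDS, rng=None, max_lines=None):
    """Drip lines to one client until it disconnects; return the count sent."""
    rng = rng or random.Random()
    sent = 0
    try:
        while max_lines is None or sent < max_lines:
            await asyncio.sleep(delay)              # the slowness is the whole point
            writer.write(banner_line(rng))
            await writer.drain()
            sent += 1
    except (ConnectionError, OSError):
        pass                                        # client gave up
    finally:
        writer.close()
    return sent                                     # worth logging per connection


async def main(host="0.0.0.0", port=2222):          # assumed listen address
    server = await asyncio.start_server(tarpit, host, port)
    async with server:
        await server.serve_forever()


if __name__ == "__main__":
    asyncio.run(main())
```

Each held connection costs the server one idle coroutine and a few bytes every `DELAY_SECONDS`, while the client keeps a socket open waiting for a banner that never arrives.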