by bcwhite 248 days ago
I redirect such traffic to a subdomain with an IP address that isn't assigned (or legally assignable). The bots just wait for a response to connection requests but never get them. This seems to typically cost 10s waiting. The traffic doesn't come to my servers and it doesn't risk legitimate users who might hit it by mistake.
2 comments

I've attempted a few of these, redirecting to invalid domains or https://en.wikipedia.org/wiki/Black_hole_(networking)#:~:tex...
Perhaps a naive question, but wouldn't your hardware also be waiting for a reply from a non-existing network? Wouldn't you just add to their DoS power this way?
No, the client is the one trying to connect to the non-existing server. You just redirect them, for example with a 301 saying "go here instead", and when they try to go there, they will find an invalid IP.
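The redirect discussed in this thread, sketched as an added example that is not code from any commenter: a WSGI middleware that answers unwanted requests with a single 301 and passes everything else through. The sink hostname, the path patterns and the helper names are assumptions made for illustration.

```python
"""WSGI middleware: answer unwanted requests with a 301 to a sink host."""
import re

# Assumption: a subdomain you control whose DNS record points at an address
# that never answers, as the top comment describes. Hypothetical name.
SINK_URL = "http://sink.example.com/"

# Assumption: constructed patterns for paths this site never serves.
UNWANTED = re.compile(r"^/(wp-login\.php|xmlrpc\.php|\.env|phpmyadmin)", re.I)


def is_unwanted(path):
    """True when the request path matches one of the unwanted patterns."""
    return bool(UNWANTED.match(path))


class SinkRedirect:
    """Wraps a WSGI app; unwanted requests never reach it."""

    def __init__(self, app, sink_url=SINK_URL):
        self.app = app
        self.sink_url = sink_url

    def __call__(self, environ, start_response):
        if is_unwanted(environ.get("PATH_INFO", "")):
            # The server's whole cost is this one empty response. The
            # connection attempt to the sink is made by the client.
            start_response("301 Moved Permanently",
                           [("Location", self.sink_url),
                            ("Content-Length", "0")])
            return [b""]
        return self.app(environ, start_response)


def site(environ, start_response):
    """Stand-in for the real application."""
    body = b"hello\n"
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Content-Length", str(len(body)))])
    return [body]


def handle(path, app=SinkRedirect(site)):
    """Run one constructed GET through the app; return (status, headers, body)."""
    seen = {}

    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)

    body = b"".join(app({"REQUEST_METHOD": "GET", "PATH_INFO": path},
                        start_response))
    return seen["status"], seen["headers"], body
```

Only clients that follow the `Location` header end up waiting on the sink; one that ignores redirects simply receives the empty 301.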