by bcwhite 248 days ago
An idea I had was a custom kernel that replied ACK (or SYN+ACK) to every TCP packet. All connections would appear to stay open forever, eating all incoming traffic, and never replying, all while using zero resources of the device. Bots might wait minutes (or even forever) per connection.
3 comments

As I understand it, you can probably do this with XDP in the Linux kernel and it will be pretty cheap.
No need to mess with the kernel: block outgoing RST packets on the local machine firewall and create a program that reads a raw socket for incoming SYN and answers with SYN/ACK. But anyway, this technique will not differentiate legitimate connections.
I've done that in the past (8+ years ago) with raw IP sockets.
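
The SYN to SYN/ACK step discussed in this thread, as an added example that is not code from any of the commenters: it parses a raw IPv4/TCP packet and builds the stateless reply bytes a tarpit would send. The names `checksum`, `build_synack` and `SAMPLE_SYN`, the fixed initial sequence number, the window size and the documentation-range addresses are assumptions; reading from and writing to a raw socket is left out.

```python
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (16-bit one's complement sum)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_synack(pkt: bytes, isn: int = 0x1000):
    """Return an IPv4 SYN+ACK answering `pkt`, or None if pkt is not a bare SYN.

    No per-connection state is kept; `isn` is a fixed, assumed sequence number.
    """
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None                       # not IPv4 carrying TCP
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl + 20:
        return None                       # truncated or malformed header
    src, dst = pkt[12:16], pkt[16:20]
    sport, dport, seq, _ack, _off, flags = struct.unpack("!HHIIBB", pkt[ihl:ihl + 14])
    if flags & 0x17 != 0x02:              # SYN set; FIN, RST and ACK clear
        return None
    # Reply TCP header: ports swapped, ack = peer seq + 1, flags SYN|ACK, no options
    tcp = struct.pack("!HHIIBBHHH", dport, sport, isn & 0xFFFFFFFF,
                      (seq + 1) & 0xFFFFFFFF, 5 << 4, 0x12, 1024, 0, 0)
    pseudo = dst + src + struct.pack("!BBH", 0, 6, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp)) + tcp[18:]
    # Reply IP header: addresses swapped, TTL 64, protocol 6 (TCP)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, dst, src)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + tcp

# Constructed sample: SYN from 192.0.2.10:40000 to 198.51.100.5:22, seq 1000.
# Its checksums are left at zero because build_synack does not verify them.
SAMPLE_SYN = (
    struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5]))
    + struct.pack("!HHIIBBHHH", 40000, 22, 1000, 0, 5 << 4, 0x02, 65535, 0, 0)
)
```

Because the host's own TCP stack has no socket for these connections, it would answer the peer's follow-up packets with RST unless those are dropped at the local firewall, which is the RST-blocking step mentioned in the comment above.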