A followup for folks who are curious about the whole AI botswarm problem...

Some of these bots are clearly running on a bunch of machines on the same net. I have been able to reduce the traffic significantly by treating everything as a class-C net and doing subnet-level throttling. That and simply blocking a couple of them.

But that leaves a lot of traffic with an interesting characteristic: there are millions of obvious bot hits (following a pattern through the site, for example) that all come from a different IP. An access log with 9M lines has over 1M IP addresses, and few of them appear more than about three times.

So these things are running on widely distributed botnets, likely on compromised computers, and they are doing their best to evade any sort of recognition or throttling. I don't think that any sort of throttling or database of known-bot IPs is going to help here...not quite sure what to do about it.

What a world we have made for ourselves...
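
The measurement described in the post above, as an added example that is not the poster's own code: it groups access-log hits by /24, applies a subnet-level limit, and counts the traffic that limit never touches. The log format (client address as the first field), the `subnet_limit` value, the /64 grouping for IPv6 and the sample data are all assumptions made for illustration.

```python
import ipaddress
from collections import Counter

def client_ip(line):
    """Return the client address from the first field of a log line, or None."""
    fields = line.split(None, 1)
    if not fields:
        return None
    try:
        return ipaddress.ip_address(fields[0])
    except ValueError:
        return None

def subnet_of(ip):
    """Group IPv4 by /24 as in the post; /64 for IPv6 is an assumption."""
    prefix = 24 if ip.version == 4 else 64
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def summarize(lines, subnet_limit):
    """Count hits per IP and per subnet; report what subnet throttling misses."""
    per_ip, per_net = Counter(), Counter()
    for line in lines:
        ip = client_ip(line)
        if ip is None:
            continue  # skip malformed lines
        per_ip[ip] += 1
        per_net[subnet_of(ip)] += 1
    throttled = {net for net, hits in per_net.items() if hits > subnet_limit}
    missed = sum(h for ip, h in per_ip.items() if subnet_of(ip) not in throttled)
    return {
        "hits": sum(per_ip.values()),
        "unique_ips": len(per_ip),
        "ips_with_3_or_fewer_hits": sum(1 for h in per_ip.values() if h <= 3),
        "throttled_subnets": sorted(str(n) for n in throttled),
        "hits_outside_throttled_subnets": missed,
    }

def constructed_log():
    """Constructed sample: 12 hits from four hosts on one /24, 6 one-hit IPs on 6 nets."""
    farm = [f"10.1.1.{i % 4 + 1}" for i in range(12)]
    scattered = [f"10.2.{i}.9" for i in range(6)]
    tail = '- - [01/Jan/2025:00:00:00 +0000] "GET /page HTTP/1.1" 200 512'
    return [f"{ip} {tail}" for ip in farm + scattered] + ["garbage line"]

if __name__ == "__main__":
    print(summarize(constructed_log(), subnet_limit=5))
```

In the constructed sample no single address exceeds three hits, so a per-IP limit sees nothing; the /24 grouping catches the four-host net, and the six one-hit addresses pass under both.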

@corbet IP based blocks have been useless for decades. Block behaviors. Most bots cost money to run via bot net rental fees.

@smxi @corbet we're kinda trying to tell you that a single IP will hit 2-3 times an hour or so. You can't do behavioural analysis over 3 hits. They request 2-3 specific URLs with generic browser client strings and then aren't seen again. But multiply this by tens of thousands of IPs all coming from different subnets and you have a problem.

@monsieuricon @corbet so you know the behavior and the pattern. Construct countermeasures. I'm honestly astounded to see guys close to the kernel unable to do this. Think like your opponent. Find his weak spots. Nothing has changed since Sun Tzu made his observations. All bots have weak spots.

@smxi @monsieuricon Suggestions for these countermeasures - and how to apply them without hosing legitimate users - would be much appreciated. I'm glad they are obvious to you, please do share!

@corbet @monsieuricon your response is revealing. No wonder you aren't getting anywhere. I'll try to explain in general terms.

You are in a game. You have to respect your opponent. If he is smarter than you, you have to find someone capable of playing better than him. This is a private game, so rule 1:

Stop talking about this in public! This is a private game. It is not open source. Don't say what you know. Don't reveal what you learn.

Read the Art of War. Really. Read. Not skim.
1/

@corbet @monsieuricon to win this game requires understanding that, again, you respect your opponent. I can tell you I know at least one guy who refuses to deal with Linux kernel people anymore because he's very smart. He used to. If Linus has driven real hackers away then... Not good.

Rule 2: think outside the box. That's where your opponent plays. So that's where you should be. There is no greater compliment in my experience than from a skilled opponent. Nothing comes close. See respect.
2/

@corbet @monsieuricon thinking I can whip out a solution shows you don't understand the game and don't respect your opponent. 1st, I'm tired of that game, and 2nd, if I have to play it I get paid.

Rule 3: groupthink is hacker death. It's a private game. He's free to do what he wants, so that has to be matched.

Are you seriously telling me you know 0 great hackers in your world? Sometimes you don't need to be great, just stubborn and persistent. Qualities very rare in the corporate sector.
3/

@corbet @monsieuricon good luck. Though really luck has very little to do with it. But do get rid of the public lkml mindset. Is your opponent telling everyone what's going on? So why are you? When I was new to this I'd let them know they'd been trapped but realized how dumb that was. Then I'd do something subtle. Now it's totally transparent.

There are always decisions to make. How much does a false positive matter? Though if the weakness is detected there will be few false results.

4/

@smxi That is an unhelpful reply that undermines the target of the attack. Please try to build up rather than tear down and avoid blaming victims.

@DanielRThomas lol, this is just a troll providing mindless platitudes because the ideas sound pretty in their head, although could be LLM-generated, but they are literal pipe-dreams and spending time thinking about them is ultimately a waste of good effort. I laughed and blocked.