What can I do when I get an obvious hacking attempt? I wish there was an easy way to cause them to waste their time, that doesn’t involve server resources. Even a delay of a few seconds could render brute force attacks futile.
Sending them to an AsyncContext seems too processor intensive, and a timeout will automatically resend the same request back to the beginning where it started. Which might actually aide a DOS attack.
I am using Jetty and know about the DoSFilter, but it would be much more effective if I could delay a response when I detect foul play, which is rather easy to sense in my case. I think every failed validation / authentication attempt should automatically delay a response somehow.
I am not really authenticating here, so an authentication protocol/frontend is not useful. I am just validating the connection parameters for patterns that meet certain criteria. I know TCP/IP will notify, but if I could disconnect invalid access attempts silently and keep them hanging, that would be ideal.
I think that, if you detect a fool play, it would be more wise to block their ip for a certain period. It would be easy just adding their ip in
/etc/hosts.deny(it works for many unix daemons, but I am not sure if it works with java processes too, I think it should work since it’s used by the tcp daemon itself).man 5 hosts.denyat the command line gives some hints (or check this online link).BTW, I think you can use
Thread.sleep()to pause a servlet, as in any normal java code. But this, would probably cause more request from the same caller to keep open for long time, increasing the active resources that the application server has to allocate and maintain. So if the attacker can work in multithread, possibly this will help him to block your server, as it will hold all the threads for his attack, blocking all other users to access your service.