> 301 redirect to https://nsa.gov so they might get on someone's radar with the time and resources to stop them
No, don’t do that. Don’t redirect them to anyone else but yourself.
IANAL but it seems pretty clear that you could end up being partly responsible for any damage caused by sending them elsewhere.
Furthermore, even attacking back in any way could be a very very dumb thing to do. Just because someone is attacking you you don’t know that the owner of the system is responsible for that. In fact most likely almost every single machine that is participating in attacks against you are just botnet victims.
No, don’t do that. Don’t redirect them to anyone else but yourself.
IANAL but it seems pretty clear that you could end up being partly responsible for any damage caused by sending them elsewhere.
Furthermore, even attacking back in any way could be a very very dumb thing to do. Just because someone is attacking you you don’t know that the owner of the system is responsible for that. In fact most likely almost every single machine that is participating in attacks against you are just botnet victims.
The book Aggressive Network Self-defense talks a bit about this. https://www.amazon.com/Aggressive-Network-Self-Defense-Neil-...
I think the only reasonable thing to do is any combination of the following:
- Present captchas and use rate-limiting like you were
- Block / blackhole / null route
- Honeypot that holds onto sockets for as long as possible, but only if you are sure like someone else said ITT that doing so is not DOSing yourself.