(no title)

Cats also have timeouts set for balls of fluff. They usually get bored at some point and either go away or attack you :)

If the bot is connecting over IPv4, you only have a couple thousand connections before your server starts needing to mess with shared sockets and other annoying connectivity tricks.

I don't think it's a terrible problem to solve these days, especially if you use one of the tarpitting implementations that use nftables/iptables/eBPF, but if you have one of those annoying Chinese bot farms with thousands of IP addresses hitting your server in turn (Huawei likes to do this), you may need to think twice before deploying this solution.

Yes but you still need to keep a connection open to them. This is a sort of reverse SlowLoris attack, though.

Yeah but in the mean time it's tying up a connection on your webserver.