I've used a set of rewrite rules for sending bad bots into a black hole for some time, but the list is long outdated, and never was quite that complete, in the first place.
I've just happened upon one which seems more promising. I thought I'd share the link here to get some oninions from the group:
As I've likely mentioned in the past, my snort flexibility is limited in the Sophos UTM, so some things which could probably be more easily done at the border, I need to mitigate a bit farther inside.
Anyway, please feel free to comment. I haven't tested this under 2.2 or 2.4, as yet.
--
Lewis
-------------------------------------------------------------
Lewis G Rosenthal, CNA, CLP, CLE, CWTS, EA
Rosenthal & Rosenthal, LLC www.2rosenthals.com
visit my IT blog www.2rosenthals.net/wordpress
-------------------------------------------------------------