5th December 2013
irukandji

Quote:
Originally Posted by jggimi
Wow! That's certainly creative.

If I were to set up a honeypot, it would be for attack analysis. I would probably deploy honeyd and direct unwelcome traffic there via PF. However, I've not bothered, as no attempted (and noticed) attacks so far have warranted any analysis.
Well, analysing attacks would take a lot of time (since my post, I have already caught 11 IPs contacting different ports) and this way it is faster. Every attack will start with some kind of probing, and this way probing is also the last action they will perform. Besides that, "security by obfuscation", aka moving services to different ports, gets a new meaning, as you need to hit it before you hit a booby-trapped port... and this is a very small target with a booby trap before and after it, plus multiple blocks of ports (like most of 1-1055). I was testing it with the grc.com SYN scan and it managed to scan 29 ports before being banned. A botnet would maybe stand a chance.

Ah, one more thing: port 80 was left out of blocking, where the index verifies whether the connecting client is tarpitted and a captcha is shown to remove the blockage... (well... 98% of the code done)

Last edited by irukandji; 5th December 2013 at 12:17 AM.
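The trap-port behaviour described in the post above, modelled as an added example (it is not irukandji's code or firewall configuration): a source is banned on its first contact with a trap port, a banned source is dropped everywhere except port 80, and port 80 serves the captcha that lifts the ban. The service port 2222, the exact trap set, the verdict names and the sample events are assumptions made for illustration.

```python
from dataclasses import dataclass, field

EXEMPT = {80}         # post: port 80 is left out of blocking (serves the unblock page)
SERVICE_PORT = 2222   # assumption: hypothetical relocated service port
# Assumption: traps cover 1-1055 plus the ports directly before and after the service.
TRAP_PORTS = (set(range(1, 1056)) | {SERVICE_PORT - 1, SERVICE_PORT + 1}) - EXEMPT


@dataclass
class TrapFirewall:
    banned: set = field(default_factory=set)

    def handle(self, src: str, dport: int) -> str:
        """Return the verdict for one inbound connection attempt."""
        if dport in EXEMPT:
            # Banned clients get the captcha page, everyone else the normal site.
            return "captcha" if src in self.banned else "pass"
        if src in self.banned:
            return "drop"              # the first probe was also the last useful one
        if dport in TRAP_PORTS:
            self.banned.add(src)
            return "ban"
        # Anything that is neither a trap nor the service is simply closed.
        return "pass" if dport == SERVICE_PORT else "drop"

    def solve_captcha(self, src: str) -> None:
        """Called by the port-80 page once the client passes the captcha."""
        self.banned.discard(src)


def replay(events):
    """Run (src, dport) events through a fresh firewall; return it and the verdicts."""
    fw = TrapFirewall()
    return fw, [(src, port, fw.handle(src, port)) for src, port in events]


# Constructed sample traffic using documentation address ranges.
SAMPLE_EVENTS = [
    ("198.51.100.7", 2222),  # client that knows the service port
    ("203.0.113.9", 2221),   # scanner touches the trap just before the service
    ("203.0.113.9", 2222),   # same scanner now reaches the real port
    ("203.0.113.9", 80),     # banned source visits the web page
    ("198.51.100.7", 80),    # unbanned client visits the web page
]

if __name__ == "__main__":
    for src, port, verdict in replay(SAMPLE_EVENTS)[1]:
        print(f"{src:>14} -> {port:<5} {verdict}")
```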