Hi.

Jones, Steven wrote:
I've found PortSentry really good for detecting port scans and then routing
the return packets to nowhere.

As an addition to that idea: would it be possible to cause similar effects to HTTP-server worms with a modified tarpit? Maybe a modified version of the kernel httpd: whenever a worm attack drops in, the response will be a normal website containing bogus content (no 404), coming over the line character by character with a huge delay. Comments?

Bye, Mike
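
A minimal sketch of the tarpit idea in the message above, added here as an example and not code from the thread: requests matching worm-style paths get a 200 response with bogus content, written one byte at a time with a long pause. It runs in user space with asyncio rather than in a kernel httpd, and the path signatures, delay, connection cap, port and all function names are assumed values.

```python
import asyncio
import re

# Assumed signatures: paths that no legitimate client of this server requests.
WORM_PATHS = re.compile(r"(?i)(cmd\.exe|root\.exe|default\.ida)")
DRIP_DELAY = 10.0      # seconds between bytes (assumed value)
MAX_TARPITTED = 200    # every held connection costs us a socket too, so cap it
BOGUS_PAGE = b"<html><body><p>Welcome.</p></body></html>"
active = 0             # connections currently being tarpitted

def is_worm_probe(request_line: str) -> bool:
    parts = request_line.split()
    return len(parts) >= 2 and bool(WORM_PATHS.search(parts[1]))

def build_response(body: bytes) -> bytes:
    head = b"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n"  # 200, not 404
    return head + b"Content-Length: %d\r\n\r\n" % len(body) + body

async def drip(writer, data: bytes, delay: float) -> int:
    # Send one byte, flush, wait: the client stays blocked on a "live" reply.
    for i in range(len(data)):
        writer.write(data[i:i + 1])
        await writer.drain()
        await asyncio.sleep(delay)
    return len(data)

async def handle(reader, writer):
    global active
    try:
        line = await asyncio.wait_for(reader.readline(), timeout=10)
        if is_worm_probe(line.decode("latin-1")) and active < MAX_TARPITTED:
            active += 1
            try:
                await drip(writer, build_response(BOGUS_PAGE), DRIP_DELAY)
            finally:
                active -= 1
        else:
            writer.write(build_response(b"ok"))  # stand-in for the real site
            await writer.drain()
    except (asyncio.TimeoutError, ValueError, ConnectionError):
        pass  # slow, oversized or dropped request: just close
    finally:
        writer.close()

async def main():
    async with await asyncio.start_server(handle, "127.0.0.1", 8080) as server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```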
