On 2015-09-24 Thu 14:42 PM, Benny Lofgren wrote:
>
> I've used one of the inetd "trivial services" (echo, discard, chargen,
> daytime or time) for this purpose, in combination with a couple of PF
> rules. Something like this:
>
> match in log on egress from any to <my_unused_ips> tag honeypot
> pass in log tagged honeypot rdr-to 127.0.0.1 port echo keep state \
>     (max-src-conn-rate 1/30, overload <badguyshoneypot> flush global)
>

Ahhh! Cunning plan Benny. I shall play...

>
> PS. Who named unlistened-to ports "zombies" anyway?

http://en.wikipedia.org/wiki/Zombie_computer

Cool.

-- 
It is only the great men who are truly obscene. If they had not dared to be obscene, they could never have dared to be great. -- Havelock Ellis
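The two rules Benny quotes need a little surrounding pf.conf to do anything useful; the fragment below is an added example (not Benny's or the list's own configuration) that supplies the two tables and a block rule for overloaded sources. The decoy addresses are TEST-NET placeholders, and `proto tcp` is added to the pass rule as an assumption because the inetd echo service and the connection-rate tracking are TCP.

```pf
# Added example, not from the thread. Replace the placeholder addresses.

# Unused addresses on the external interface: nothing legitimate should
# ever connect to them, so any hit is a scan or a probe.
table <my_unused_ips> { 192.0.2.10, 192.0.2.11 }

# Sources that tripped the honeypot. "persist" keeps the table alive
# even when it is empty at ruleset load time.
table <badguyshoneypot> persist

# Assumed addition: drop offenders first, so each source only ever gets
# its first probes answered by the decoy. Logged for later review.
block in quick log on egress from <badguyshoneypot>

# Benny's rules: tag traffic aimed at the decoy addresses, hand it to the
# local inetd echo service, and add any source that opens more than one
# connection per 30 seconds to the offender table, killing its states.
match in log on egress from any to <my_unused_ips> tag honeypot
pass in log tagged honeypot proto tcp rdr-to 127.0.0.1 port echo keep state \
    (max-src-conn-rate 1/30, overload <badguyshoneypot> flush global)
```

The echo service has to be enabled in /etc/inetd.conf (`echo stream tcp nowait root internal`), and stale entries can be aged out with `pfctl -t badguyshoneypot -T expire 86400`.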