[bediger4000]

Thank you, and good points. From the view point of increasing the utility of scanning for weak-password ssh ports, a honeypot and a tarpit are both entities the human setting up the scanning would like to avoid. I think that ultimately a human looking for easily-guessed ssh or telnet or whatever passwords would want to avoid tarpits and honeypots equally. They might have to code differently for a tarpit than a honeypot, but the goal would be to detect and avoid instances of both things. What proportion of "something to detect and avoid" would cause a scanner to be less than profitable, or just give up?

To illustrate: I've been giving the people that staff robocaller's "service centers" a hard time for years. I believe that my phone number is in some of their systems as a "bad actor" - I've occasionally heard an audible, computer-generated voice telling the "service rep" that this is a known troublesome number. They also occasionally hang up on me a sentence in to the script. I usually tell them I'm Edward Snowden, but you can call me Ed. That gets a hangup maybe 5% of the time. So giving them a hard time wastes their resources enough that at least a few boiler room/"service centers" put effort towards avoiding me, and the few others like me. What proportion of resource-wasters would it take to make them quit?