I had a vm where attackers were always scanning the same dumb pages: admin consiles etc...
So I decided to mess with them: Give a plausible response, but send 1 byte per second. Or send a gz bomb. Or an infinite redirect loop.
The smarter scanners didn't fall for them and generally stopped scanning for a few days. The dumb ones believed everything I fed them, and their attack traffic multiplied heavily.
That's fun:) The one thing that would have made me hesitate is getting the attacker to go after hand-rolled Python; I would personally not trust my python against an attacker. On the other hand, it wad isolated so probably not a big deal even if the attacker managed to exploit it; exploiting a dummy app on an isolated server isn't terrible:)
So I decided to mess with them: Give a plausible response, but send 1 byte per second. Or send a gz bomb. Or an infinite redirect loop.
The smarter scanners didn't fall for them and generally stopped scanning for a few days. The dumb ones believed everything I fed them, and their attack traffic multiplied heavily.