by Laforet 540 days ago
IMO this is still a passive type of security through obfuscation. Active defence would be more like returning zip bombs to known intruders in order to crash the process.
2 comments

Endlessh seems to be abandonware. linuxserver.io used to maintain a docker image but deprecated it (https://github.com/linuxserver/docker-endlessh/pull/16) after endlessh didn’t get any new updates in over 3 years. I’ve started using endlessh-go instead https://github.com/shizunge/endlessh-go

It appears it can be configured to actively return attacks:

> Portspoof can be used as an 'Exploitation Framework Frontend', that turns your system into responsive and aggressive machine. In practice this usually means exploiting your attackers' tools and exploits

I can't seem to figure out how this would work or what this means. Most of the links to the documentation seem to be missing.

I'd actually be curious to know if this seemingly ~10 year old software still works. Also how much bandwidth it uses, CPU/RAM etc.

There's tons of client software that can be exploited if you send a dangerous payload to it. Think of an exploitable version of Curl that will fail if it receives a bad HTTP header.
I would guess that it fingerprints the scanning software (e.g. metasploit), then feeds a payload back to it that has a known exploit in the scanning script.