the Scanner Tarpit HOWTO
$Revision: 0.15 $ $Date: 2006-12-15 21:03:16-08 $
How to configure a Linux firewall protecting a publicly-accessible
(boundary, DMZ) network to detect worms' and attackers' scanning activity and
react in real time to block and interfere with that scanning activity. A
discussion of reporting tools and possible extensions is also included,
with details for setting up an SMTP-only tarpit.