On Wed, Jan 17, 2024 at 08:29:12PM +0000, Jeremy C. Reed wrote: > Any suggestions for fake daemons to use to see scanners or malicious > connections? > Maybe some services I can run via inetd? > They don't need to actually attempt user authentication, > so just some that have greeting banners as appropriate to initiate use. > > I was looking for fake telnetd, imapd, ftpd for example.
You can probably do it with inetd builtins. See usr.sbin/inetd/inetd.c:/biltin (FWIW, there is a reworked inetd version here, but for "biltin"s the version is the same: https://github.com/tlaronde/BeSiDe that is current NetBSD plus some modifications/additions of my own). -- Thierry Laronde <tlaronde +AT+ kergis +dot+ com> http://www.kergis.com/ http://kertex.kergis.com/ Key fingerprint = 0FF7 E906 FBAF FE95 FD89 250D 52B1 AE95 6006 F40C
