Source code and details: https://github.com/umutcamliyurt/PortTripper
How it works
On startup PortTripper:
- Scans the configured port range and builds a whitelist of ports already in use by real services (first run only).
- Draws a cryptographically random sample of up to
-maxportsports from the range, excluding whitelisted ports. Usingcrypto/randfor selection means the open set is unpredictable to an attacker even if they know the configured range. - Binds TCP and UDP listeners on every chosen port.
- On TCP: accepts connections, holds them open for a configurable duration, then drops them, wasting the scanner’s threads and file descriptors.
- On UDP: reads and discards datagrams without replying, so ports appear
open|filteredto scanners rather thanclosed.
All real service ports are untouched because they are already bound before PortTripper starts, and the auto-generated whitelist tells PortTripper to skip them.
It’ll probably just be a nuisance for small operations and for larger botnets be a drop in the bucket or not even noticable.
Yeah, I don’t think this would be great on an external boundary with all the internet scanners out there, but maybe in a DMZ it might help as a feed to a boundary blocklist.
I do see torrent peers trying to scan my network sometimes, so this might be an interesting insight…