Source code and details: https://github.com/umutcamliyurt/PortTripper
How it works
On startup PortTripper:
- Scans the configured port range and builds a whitelist of ports already in use by real services (first run only).
- Draws a cryptographically random sample of up to `-maxports` ports from the range, excluding whitelisted ports. Using `crypto/rand` for selection means the open set is unpredictable to an attacker even if they know the configured range.
- Binds TCP and UDP listeners on every chosen port.
- On TCP: accepts connections, holds them open for a configurable duration, then drops them, wasting the scanner’s threads and file descriptors.
- On UDP: reads and discards datagrams without replying, so ports appear `open|filtered` to scanners rather than `closed`.
All real service ports are untouched because they are already bound before PortTripper starts, and the auto-generated whitelist tells PortTripper to skip them.
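
The selection step described above, as an added Go example (not PortTripper's own code): it draws up to a capped number of decoy ports from a range with `crypto/rand`, skipping whitelisted ports. The function name `pickDecoyPorts`, its parameters, and the sample whitelist are hypothetical and constructed for illustration.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math/big"
	"sort"
)

// pickDecoyPorts (hypothetical helper) returns up to maxPorts ports drawn
// uniformly at random from [lo, hi], never choosing a whitelisted port.
func pickDecoyPorts(lo, hi, maxPorts int, whitelist map[int]bool) ([]int, error) {
	if lo < 1 || hi > 65535 || lo > hi || maxPorts < 0 {
		return nil, fmt.Errorf("invalid range %d-%d or cap %d", lo, hi, maxPorts)
	}
	// Candidate pool: every port in range not held by a real service.
	pool := make([]int, 0, hi-lo+1)
	for p := lo; p <= hi; p++ {
		if !whitelist[p] {
			pool = append(pool, p)
		}
	}
	if maxPorts > len(pool) {
		maxPorts = len(pool) // "up to": the pool can be smaller than the cap
	}
	// Partial Fisher-Yates shuffle: only the first maxPorts slots are needed.
	for i := 0; i < maxPorts; i++ {
		// rand.Int is uniform over [0, n), so there is no modulo bias.
		n, err := rand.Int(rand.Reader, big.NewInt(int64(len(pool)-i)))
		if err != nil {
			return nil, err // fail closed rather than fall back to a weak PRNG
		}
		j := i + int(n.Int64())
		pool[i], pool[j] = pool[j], pool[i]
	}
	chosen := pool[:maxPorts]
	sort.Ints(chosen)
	return chosen, nil
}

func main() {
	// Constructed whitelist standing in for the startup scan result.
	whitelist := map[int]bool{22: true, 80: true, 443: true}
	ports, err := pickDecoyPorts(1, 1024, 16, whitelist)
	if err != nil {
		panic(err)
	}
	fmt.Println("decoy ports:", ports)
}
```
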


I think what the commenter is saying is if you have something running on a server on an external IP address for like a website that needs to be public, the additional risk of opening up more ports to slow down Internet scanners is not beneficial to you and not worth the risk.
If you’re deploying a Raspberry Pi and opening it up to the Internet, and don’t care if it crashes due to overload, that's a bit of effort and cost you incur to keep it running to be a nuisance for Internet scanners. If you don’t have anything which needs to be publicly accessible to the Internet, the best thing you can do is not open any ports and expend no effort, so that the firewall/NAT gateway operates in stealth mode, which does inflict some processing and time on the Internet scanner to run waiting for responses to time out.