There are a variety of services listening for connections on DShield honeypots . Different systems scanning the internet can connect to these listening services due to exceptions in the firewall. Any attempted connections blocked by the firewall are logged and can be analyzed later. This can be useful to see TCP port connection attempts, but it's usefulness is limited. Without the ability to complete the SYN, SYN-ACK, ACK handshake process other protocol data may not be sent.
Opening the Door for a Knock: Creating a Custom DShield Listener, (Thu, Dec 29th)
This post was originally published on this site