@Magraw wrote:
One scanner reported a tar pit, another reported a honeypot, all others just get stuck scanning the SRX. They basically get stuck and time out after a very long time. Some even eventually report that the SRX is a PBX or some other weird server. It really does look like it's acting as a honeypot although I doubt it.
It could just be a certain behavior that the scanner thinks resembles a honeypot... like maybe TCP connections aren't denied but ignored, or maybe the SRX allows the TCP handshake but stops responding after that...
That's why I was curious what specific behavior triggered the scanners to think honeypot / tar pit. If they were more verbose for something like "honeypot detected, TCP successful handshake but no response" or something like that...
I suppose you could Wireshark it and watch to see what's happening (what's being sent by your scanner and how the SRX is responding) during the periods where the scanner thinks it's talking to a honeypot...
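
Added example (not part of the original post): a sketch of how packets transcribed from such a capture could be sorted into the behaviors speculated about above (refused, ignored, or handshake completed and then silence). The packet records, addresses, ports and the `classify` function are constructed for illustration and do not come from an actual SRX capture.

```python
from collections import defaultdict

# Constructed sample, as transcribed from a capture:
# (time_s, src, dst, sport, dport, tcp_flags, payload_len)
# Addresses are documentation placeholders, not real hosts.
SCANNER, TARGET = "192.0.2.10", "198.51.100.1"
PACKETS = [
    (0.00, SCANNER, TARGET, 40001, 22, "S", 0),
    (0.01, TARGET, SCANNER, 22, 40001, "SA", 0),
    (0.02, SCANNER, TARGET, 40001, 22, "A", 0),
    (0.03, TARGET, SCANNER, 22, 40001, "PA", 21),    # service banner
    (1.00, SCANNER, TARGET, 40002, 23, "S", 0),
    (1.01, TARGET, SCANNER, 23, 40002, "RA", 0),     # actively refused
    (2.00, SCANNER, TARGET, 40003, 80, "S", 0),
    (3.00, SCANNER, TARGET, 40003, 80, "S", 0),      # SYN retransmit, no reply
    (5.00, SCANNER, TARGET, 40004, 5060, "S", 0),
    (5.01, TARGET, SCANNER, 5060, 40004, "SA", 0),
    (5.02, SCANNER, TARGET, 40004, 5060, "A", 0),
    (5.03, SCANNER, TARGET, 40004, 5060, "PA", 18),  # scanner probe
    (5.04, TARGET, SCANNER, 5060, 40004, "A", 0),    # ACKed, never answered
]

def classify(packets, scanner, target):
    """Return {target_port: verdict} based on what the target sent back."""
    replies = defaultdict(list)   # (scanner_port, target_port) -> target packets
    probed = set()
    for _t, src, dst, sport, dport, flags, plen in packets:
        if src == scanner and dst == target:
            probed.add((sport, dport))
        elif src == target and dst == scanner:
            replies[(dport, sport)].append((flags, plen))
    verdicts = {}
    for flow in sorted(probed):
        got = replies[flow]
        handshake = any(f == "SA" for f, _ in got)
        if not got:
            verdict = "ignored"                 # SYN dropped silently
        elif not handshake and any("R" in f for f, _ in got):
            verdict = "refused"                 # RST in answer to the SYN
        elif any(n > 0 for _, n in got):
            verdict = "responsive"              # target sent application data
        elif handshake:
            verdict = "handshake-then-silent"   # accepts, then says nothing
        else:
            verdict = "other"
        verdicts[flow[1]] = verdict
    return verdicts

if __name__ == "__main__":
    for port, verdict in classify(PACKETS, SCANNER, TARGET).items():
        print(port, verdict)
```
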