If you are willing to install this, why not configure the system to block an IP if it starts connecting to multiple closed ports? Something like crowdsec or fail2ban can do this. Then the attacker gets far less info - looks like all ports are closed and can be done for more then 8 hours.
If you are willing to install this, why not configure the system to block an IP if it starts connecting to multiple closed ports? Something like crowdsec or fail2ban can do this. Then the attacker gets far less info - looks like all ports are closed and can be done for more then 8 hours.