Chaostables is a package with iptables/Netfilter targets that will spoof network scanners. Documentation on how it works and how to reimplement it in userspace are also provided. Special features include recognition of all nmap scan types including -sS SYN Scan, proactive slowdown of TCP and UDP (10000+%), and providing back fake nondeterministic information.

Have a look at the Detecting and deceiving network scans document for more information.

2008-03-30 — Inclusion in Xtables-addons

The Chaostables source code has been integrated into Xtables-addons.

2007-03-11 — Mainline inclusion?

I proposed the chaostables patch for inclusion in mainline kernel, but the feedback has been mixed. If you would like to read up on it, go to