While doing a qmail install recently, I was reminded of Dan Bernstein's TCPServer, which is part of the ucspi-tcp package. What TCPServer does is listen on a given port and, when a connection is made, execute a program of your choice, sending stdout out via the TCP port. This is useful in that you can listen on, say, TCP/1095 and just have a shell script that reads:
Code:
#!/bin/sh
echo GO AWAY YOU DIRTY H4X0R!
You can also control things like how many connections are allowed at once (so that each spawned app can't be misused and DoS your server through resource usage), etc., etc.

It's a pretty customizable thing, and I was hoping to get some input on how it might fly in a honeypot setup. If you were a hacker, and you saw TCP/21 was open thanks to your fav. port scanner, would you not be frustrated if you telnet in and get GO AWAY YOU DIRTY H4X0R!! and then the connection is closed?

Because you restrict connections based on IP, it might also be possible to have a remote shell sitting and listening on your internal network, that kinda thing.

What do you honeypot types think?
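
The setup described in the post, as an added example that is not part of the original post: a single script that starts tcpserver with a connection cap and an IP rules file, and logs each connection's source before sending the banner. Port 1095 and the banner text come from the post; the script name, log path, rules path and the limit of 20 are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. Port 1095 and the banner come
# from the post; log path, rules path and the limit of 20 are assumptions.

RULES="${HONEYPOT_RULES:-/tmp/honeypot.cdb}"

# Runs once per connection. tcpserver puts the peer's address in the
# environment (TCPREMOTEIP, TCPREMOTEPORT, TCPLOCALPORT) and wires the
# socket to stdin/stdout, so echo goes straight to the client.
handle() {
    log="${HONEYPOT_LOG:-/tmp/honeypot.log}"
    printf '%s src=%s sport=%s dport=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
        "${TCPREMOTEIP:-unknown}" "${TCPREMOTEPORT:-0}" "${TCPLOCALPORT:-0}" \
        >> "$log"
    echo 'GO AWAY YOU DIRTY H4X0R!'
}

serve() {
    # Compile the access rules. ":allow" lets every source reach the banner;
    # for an internal-only listener use e.g. "10.0.0.:allow" then ":deny".
    printf ':allow\n' | tcprules "$RULES" "$RULES.tmp" || exit 1
    # -c 20  at most 20 simultaneous connections
    # -x     check each source IP against the compiled rules
    # -H -R  skip reverse-DNS and ident lookups, which the remote side
    #        influences and which delay the banner
    # -l 0   do not look up the local host name
    # "$0" must contain a slash (e.g. ./honeypot.sh) so tcpserver can exec it
    exec tcpserver -v -c 20 -x "$RULES" -H -R -l 0 0 1095 "$0" handle
}

case "${1:-}" in
    serve)  serve ;;
    handle) handle ;;
esac
```

Started as `./honeypot.sh serve`, every connection to TCP/1095 appends one line to the log and receives the banner before tcpserver closes the socket.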