lightweight HTTP sink using socat

Quick n’ dirty way to run an HTTP sink (on a server that isn’t supposed to have an HTTP server running) to catch bots scanning all machines across your network.

socat -T 1 -d -d tcp-l:80,bind=,reuseaddr,fork,su=nobody,crlf system:"echo -e \"\\\"HTTP/1.0 200 OK\\\nDocumentType: text/html\\\n\\\n<html>date: \$\(date\)<br>server:\$SOCAT_SOCKADDR:\$SOCAT_SOCKPORT<br>client: \$SOCAT_PEERADDR:\$SOCAT_PEERPORT\\\n<pre>\\\"\"; cat; echo -e \"\\\"\\\n</pre></html>\\\"\"" 2>&1 | grep connection
2015/03/30 21:11:23 socat[12223] N accepting connection from AF=2 on AF=2

Leave it up and running to quickly identify and process bot IP addresses that should be blocked. Modify the port as needed for other services the bots are trying to find.
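
To get from the sink's output to a list of addresses worth blocking, the accept lines can be tallied per client. The script below is an added example, not part of the original post; it assumes socat's notice lines carry the peer as `<ip>:<port>` after `from AF=2`, and the names `sink_hits` and `sample_log` and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: tally client IPs from the sink's socat "-d -d" notice lines.
# Assumed line format (socat prints the peer after "from AF=2"):
#   ... N accepting connection from AF=2 <client-ip>:<port> on AF=2 <server-ip>:<port>

# sink_hits [MIN]: read socat log lines on stdin and print "<count> <ip>" for
# each IPv4 client seen at least MIN times (default 1), busiest first.
sink_hits() {
    min="${1:-1}"
    awk -v min="$min" '
        / N accepting connection from AF=2 / {
            for (i = 1; i < NF; i++)
                if ($i == "from" && $(i + 1) == "AF=2") {
                    peer = $(i + 2)
                    sub(/:[0-9]+$/, "", peer)   # drop the source port
                    # Skip lines with no address (or a non-IPv4 token) here.
                    if (peer ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) hits[peer]++
                    break
                }
        }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample lines using documentation address ranges, not real
# traffic. The last line is the address-less form shown in the post.
sample_log() {
cat <<'EOF'
2015/03/30 21:11:23 socat[12223] N accepting connection from AF=2 203.0.113.7:51514 on AF=2 192.0.2.10:80
2015/03/30 21:11:24 socat[12223] N accepting connection from AF=2 198.51.100.23:40022 on AF=2 192.0.2.10:80
2015/03/30 21:11:29 socat[12223] N accepting connection from AF=2 203.0.113.7:51520 on AF=2 192.0.2.10:80
2015/03/30 21:12:02 socat[12223] N accepting connection from AF=2 192.0.2.99:33810 on AF=2 192.0.2.10:80
2015/03/30 21:12:05 socat[12223] N accepting connection from AF=2 203.0.113.7:51533 on AF=2 192.0.2.10:80
2015/03/30 21:11:23 socat[12223] N accepting connection from AF=2 on AF=2
EOF
}

# Clients that hit the sink at least twice in the sample.
sample_log | sink_hits 2
```

Run it over a saved copy of the socat output rather than a live pipe, since the tally is only printed at end of input.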

