I use to have my firewall setup with a program that would ping all port scans back and then run a whois on it.
You mean that if someone nmap -D scans your box you would ping all the decoys? Now that comes in handy...
Seriously I don't think pinging back on a portscan is interesting. If you want to be notified on portscans I suggest you use a real IDS like Snort. I'm sure Snort log reporting can be ameliorated with whois info someway.
|