Are tarpits still of use these days? I sort of figured that even modern script mass attackers have gotten professionalized and sophisticated enough that they can deal with trivial timeouts and the like. I could see actual honeypots still being of use for researchers or blue teams at organizations that are real targets, and ML might even open up some interesting new ways to make those more engaging for longer. But a tarpit doesn't seem like it'd cause bother for drive-by or APT, the former are all about volume so if something takes more than a few seconds just skip it (and maybe flag it as a tarpit for punishment) and an APT will instantly recognize it too.<p>For individuals and smaller orgs I've sort of felt like keeping your head down, running a wg/ssh bastion with a non-standard port maybe along with single packet auth or even plain old port knocking to reduce log spam from random drive-by is more effective and attainable for places without any sort of dedicated security or even constant in-house IT staff. Running a tarpit on a VPS seems like it'd fail to bother most these days, and running it on an actual IP seems like at best it'd have no effect and at worst if it ever actually held up a scanner and the operator noticed they might decide to direct some actual attention to that IP, or at least throw a mild ddos at it for a bit. Am I wrong or out of date on that? I'm all for sticking it to bad actors and efforts to reduce the economic incentives, but in 2020 tarpits strike me as kind of obsolete with some risk to boot.