I remember someone setting up there Linux server to appear as a Windows machine in case it was port scanned. If indeed it was scanned the scanners IP was placed in the /etc/hosts.deny file.

Unfortunately I cannot find directions on what I am talking about. Can someone point me in the right direction?