Provided are systems, methods, and computer-program products for using deceptions to detect network scans. In various implementations, a network device, configured as a decoy network device can be configured to determine a particular network address. The network device can determine that the particular network address is unassigned. The network device can configure itself with the particular network address, wherein the network device uses the particular network address to monitor network activity for a network scan. The network device can receive a packet addressed to the particular network address. The network device can determine that received packet is associated with a scan of the network, including associating the received packet with other packets in the monitored network activity. The network device can configure one or more security settings for the network when the received packet is determined to be associated with a scan of the network.
展开▼