Things like this that play games scare me. This itself opens a wider attack vector on your server. I'm thinking of possibilities:

1. In Linux, each TCP connection is a file descriptor. PortTripper holds connections to waste scanner threads, which means it's holding file descriptors. This could be a good DDOS attack vector. Hit every port with connection requests, requiring a slew of file descriptor creations, and boom, you cause the server to hit the server ulimit cap. New connections cannot be made. The server is half dead.

2. Memory and CPU consumption. Maintaining thousands of open TCP states takes RAM and CPU. A massive flood can consume all memory. And for what? To annoy a hacker?

Interestingly enough, just these 2 things can make PortTripper a hacker's tool.

3. If a service crashes or reboots, is down for maintenance, or is slow to come up, PortTripper might grab the port before the application comes back up. And then it can't come back up.

4. Who's to say there won't be vulnerabilities in PortTripper that can cause a buffer overflow, memory leak, or parsing vulnerability in PortTripper's code or a library it uses? Playing this game opens another attack vector into your server.

5. If PortTripper can bind to ports 1 through 1023, then it's running as root or has elevated capabilities. If an attacker exploits a bug in PortTripper or a library it uses, they can get high-level control of the server.

6. While PortTripper "discards datagrams without replying" in a reflected DDOS attack, millions of discarded packets come in, which means millions of CPU interrupts at the kernel level. This can choke the NIC.

I think PortTripper is too risky to run just to become a nuisance to someone, IMHO.