I finally got around to testing out labrea last night. It works as described, though I didn't test it out too extensively. I ran it on a debian machine, and had it listen on a two different ips. Nmap didn't seem to have much trouble with it, but trying to access that virtual ip with ssh or a web client would result in an incredible long timeout. That is very interesting.
I got to thinking whether it really was a useful mechanism though. Would a well designed firewall ruleset do the trick? It might be more useful if you have a ton of IP addresses which can be used as a tarpit, but in my case where I only have a few, it might not make sense.
¥