sad/portspoof
1
0
Fork 0
mirror of https://github.com/drk1wi/portspoof.git synced 2024-06-28 09:41:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

v.1.1

Browse Source
This commit is contained in:
Piotr Duszynski 2013-12-31 14:43:29 +01:00
parent 92c155d003
commit 08eeffa3de
3 changed files with 31 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -1,3 +1,9 @@
1.1 - 1/01/2014 - Linux
* Minor release.
* Updated reverse regular expression generation engine (used for generting bogus service signatures).
* Over 9000 service signatures in the portspoof_signatures file.
* Better memory management.
1.0 - 01/08/2013 - Linux
* Major release.
* Ported to C++.

22
README
View File

@ -2,26 +2,36 @@ Portspoof software overview
Short description:
*Art of annoyance*
*Art of Annoyance*
The Portspoof program primary goal is to enhance OS security through a new service emulation technique that renders all standard port scanning results useless.
The Portspoof program primary goal is to enhance OS security, through:
- simulating open ports, thus it is diffucult to determine if a valid software is listening on a particular port (check out the screenshot)
- emulating bogus services on all open ports by sending valid service signatures to your offenders scanning software.
As a result:
- half-open port scans are no longer deterministic and one has to service probe all ports
- service probes always return a valid service
- port scanners end up with 65535 valid signatures to analyze
*Art of Active (Offensive) Defense*
Portspoof can be used as an 'Exploitation Framework Frontend', that turns your system into responsive and aggressive machine. In practice this usually means exploiting your attackers' tools and exploits. This approach is purely based on Active (Offensive) Defense concepts.
Portspoof can be used as an 'Exploitation Framework Frontend', that turns your system into responsive and aggressive machine.
In practice this usually means exploiting your attackers' tools and exploits. This approach is purely based on Active (Offensive) Defense concepts.
It is meant to be a lightweight, fast, portable and secure addition to the any firewall system or security infrastructure.
*General*
Porsoof is meant to be a lightweight, fast, portable and secure addition to the any firewall system or security infrastructure.
The general goal of the program is to make the port scanning software (Nmap/Unicornscan/etc) process slow and output very difficult to interpret,
thus making the attack reconnaissance phase a challenging and bothersome task.
The most important features that Portspoof has:
- Portspoof is a userland software and does not require root privileges !
- Binds to just one tcp port per a running instance
- Binds to just one tcp port per a running instance (no bind per every open port!)
- Easily customizable through iptables rules
- Marginal CPU/memory usage (multithreaded)
- More than 8000 dynamic service signatures are supported !
- More than 9000 dynamic service signatures are supported !
- Will help you to automate your Active Defense attacks against your attackers tools and scripts
http://portspoof.org/

13
README.md
View File

@ -4,10 +4,15 @@
### Short description:
The portspoof program is designed to enhance OS security through emulation of legitimate service signatures on otherwise closed ports.
It is meant to be a lightweight, fast, portable and secure addition to the any firewall system or security infrastructure.
The general goal of the program is to make the port scanning software (Nmap/Unicornscan/etc) process slow and output very difficult to interpret, thus making the attack reconnaissance phase a challenging and bothersome task.
The Portspoof program primary goal is to enhance OS security, through:
- simulating open ports, thus it is diffucult to determine if a valid software is listening on a particular port (check out the screenshot)
- emulating bogus services on all open ports by sending valid service signatures to your offenders scanning software.
As a result:
- half-open port scans are no longer deterministic and one has to service probe all ports
- service probes always return a valid service
- port scanners end up with 65535 valid signatures to analyze
###General benefits of using this software are:
* Protection against well known port scanners (all scanning results are chaotic and difficult to interpret)
* Possibility to use your current firewall rules to decide for which hosts "port spoofing" applies