mod readme

PD 2017-10-02 22:40:43 +02:00
parent 5eed6fc61a
commit 22347222d6
2 changed files with 91 additions and 89 deletions

43
README

@ -1,19 +1,16 @@
Portspoof software overview
Portspoof software overview (http://drk1wi.github.io/portspoof/)
Short description:
**Short description:**
*Art of Annoyance*
The Portspoof program primary goal is to enhance OS security through a set of following techniques:
The Portspoof program primary goal is to enhance OS security through a set of new techniques:
- All 65535 TCP ports are always open
- All TCP ports are always open
Instead of informing an attacker that a particular port is in a CLOSED or FILTERED state Portspoof will return SYN+ACK for every port connection attempt ... and no it does not bind to every possible port ;-)
Instead of informing an attacker that a particular port isa CLOSED or FILTERED state Portspoof will return SYN+ACK for every port connection attempt.
As a result it is impractical to use stealth (SYN, ACK, etc.) port scanning against your system, since all ports are always reported as OPEN.
nmap -p 1-20 127.0.0.1
As a result it is impractical to use stealth (SYN, ACK, etc.) port scanning against your system, since all ports are always reported as OPEN:
**`nmap -p 1-20 127.0.0.1`**
Starting Nmap 6.47 ( http://nmap.org )
Nmap scan report for 127.0.0.1
Host is up (0.0018s latency).
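Review bot: The sentence variant reading "a particular port isa CLOSED or FILTERED state" has a typo ("isa" for "is in a"), and it also loses the remark that Portspoof "does not bind to every possible port", which is the only hint in this paragraph about how the SYN+ACK behaviour is achieved. Keep the "is in a CLOSED or FILTERED state" wording and retain the no-bind remark in some form. In the same hunk, "a set of following techniques" should read "the following techniques", and "The Portspoof program primary goal" needs a possessive ("program's").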
@ -42,14 +39,13 @@ Short description:
- Every open TCP port emulates a services
Portspoof has a huge database of dynamic service signatures, that will be used to fool scanners to believe there's a legitimate service running.
Portspoof has a huge database of dynamic service signatures, that will be used to generate fake banners and fool scanners.
Scanning software usually tries to determine a service version that is running on an open port.
Portspoof will respond to every service probe with a valid service signature, that is dynamically generated based on a service signature regular expression database.
As a result an attacker will not be able to determine which port numbers your system is truly using.
Scanning software usually tries to determine a service version that is running on an open port. Portspoof will respond to every service probe with a valid service signature, that is dynamically generated based on a service signature regular expression database.
nmap -F -sV 127.0.0.1
As a result an attacker will not be able to determine which port numbers your system is truly using:
**`nmap -F -sV 127.0.0.1`**
Starting Nmap 6.47 ( http://nmap.org )
Stats: 0:00:30 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Nmap scan report for 127.0.0.1
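Review bot: The command line is wrapped in Markdown bold and backticks (**`nmap -F -sV 127.0.0.1`**), but the file is listed as README with no Markdown extension, so viewers that treat it as plain text will show the asterisks and backticks literally. Either keep the plain "nmap -F -sV 127.0.0.1" form in this file or rename it so the markup renders. The same applies to the **Short description:** and ***Art of Active (Offensive) Defense*** lines elsewhere in this file.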
@ -158,17 +154,21 @@ Short description:
By using those two techniques together:
- your attackers will have a tough time while trying to identify your real services.
- the only way to determine if a service is emulated is through a protocol probe (imagine probing protocols for 65k open ports!).
- it takes more than 8hours and 200MB of sent data in order to properly go through the reconessaince phase for your system ( nmap -sV -p - equivalent).
*Art of Active (Offensive) Defense*
***Art of Active (Offensive) Defense***
Portspoof can be used as an 'Exploitation Framework Frontend', that turns your system into responsive and aggressive machine. In practice this usually means exploiting your attackers' tools and exploits.
At the moment there are few example exploits in the configuration file (portspoof.conf)
Portspoof can be used as an 'Exploitation Framework Frontend', that turns your system into responsive and aggressive machine. In practice this usually means exploiting your attackers' tools and exploits...
*At the moment there are few example exploits in the configuration file (portspoof.conf)*
Portspoof is meant to be a lightweight, fast, portable and secure addition to the any firewall system or security system.
Portspoof is meant to be a lightweight, fast, portable and secure addition to any firewall system or security system.
The general goal of the program is to make the reconessaince phase slow and bothersome for your attackers as much it is only possible.
This is quite a change to the standard 5s Nmap scan, that will give a full view of your systems running services.
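Review bot: "reconessaince" is misspelled in both places it appears in this hunk (the "8hours and 200MB" bullet and the "general goal of the program" sentence) and should be "reconnaissance". Since the surrounding paragraph is being reworded anyway, fix it here along with "8hours" (missing space) and "as much it is only possible" (suggest "as much as possible").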
@ -181,7 +181,6 @@ Short description:
- marginal CPU and memory usage (multithreaded)
- more than 9000 dynamic service signatures to feed your attackers scanning software !
http://portspoof.org/
Author: Piotr Duszynski (piotr [at] duszynski.eu) #
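Review bot: The Author line ends with a stray " #" that looks like a leftover from a comment banner; remove it while this block is being touched. The hunk header shows one line fewer on the new side (7 to 6), so if http://portspoof.org/ is the line being dropped, confirm that the URL in the overview heading is the intended replacement.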
@ -191,13 +190,13 @@ License
Compile instructions
Consult the DOCS file.
Consult the DOC file.
Other important files
AUTHORS File with Author contact info
Changelog What I have implemented
FAQ Bug reporting and frequently asked questions
DOCS Documentation file
DOC Documentation file
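Review bot: The documentation file name changes between DOCS and DOC in both "Consult the ... file" and the file list, but the commit is listed as touching only 2 files and both diffs shown are readme text, so the documentation file itself is not renamed here. Check that the name written in the README matches the file that actually exists in the tree, otherwise the compile instructions point at nothing.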

@ -1,14 +1,14 @@
Portspoof software overview (http://drk1wi.github.io/portspoof/)
Short description:
**Short description:**
The Portspoof program primary goal is to enhance OS security through a set of new techniques:
The Portspoof program primary goal is to enhance OS security through a set of following techniques:
- All TCP ports are always open
- All 65535 TCP ports are always open
Instead of informing an attacker that a particular port isa CLOSED or FILTERED state Portspoof will return SYN+ACK for every port connection attempt.
Instead of informing an attacker that a particular port is in a CLOSED or FILTERED state Portspoof will return SYN+ACK for every port connection attempt ... and no it does not bind to every possible port ;-)
As a result it is impractical to use stealth (SYN, ACK, etc.) port scanning against your system, since all ports are always reported as OPEN.
As a result it is impractical to use stealth (SYN, ACK, etc.) port scanning against your system, since all ports are always reported as OPEN:
**`nmap -p 1-20 127.0.0.1`**
Starting Nmap 6.47 ( http://nmap.org )
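Review bot: The line pairs in this hunk ("new techniques" / "following techniques", "All TCP ports" / "All 65535 TCP ports", "isa CLOSED" / "is in a CLOSED ... ;-)") are the same pairs as in the README hunk but in the opposite order, so the two readme files may end up with different wording for the same paragraph. Settle on one wording for both files, preferably the one without the "isa" typo.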
@ -39,11 +39,11 @@ Short description:
- Every open TCP port emulates a services
Portspoof has a huge database of dynamic service signatures, that will be used to fool scanners to believe there's a legitimate service running.
Portspoof has a huge database of dynamic service signatures, that will be used to generate fake banners and fool scanners.
Scanning software usually tries to determine a service version that is running on an open port.
Portspoof will respond to every service probe with a valid service signature, that is dynamically generated based on a service signature regular expression database.
As a result an attacker will not be able to determine which port numbers your system is truly using.
Scanning software usually tries to determine a service version that is running on an open port. Portspoof will respond to every service probe with a valid service signature, that is dynamically generated based on a service signature regular expression database.
As a result an attacker will not be able to determine which port numbers your system is truly using:
**`nmap -F -sV 127.0.0.1`**
Starting Nmap 6.47 ( http://nmap.org )
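Review bot: The bullet "- Every open TCP port emulates a services" is left ungrammatical in the context of this hunk; it should read "emulates a service". In the merged paragraph, "a valid service signature, that is dynamically generated" should drop the comma before "that", and "to generate fake banners and fool scanners" is the clearer of the two descriptions of the signature database, so prefer that one.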
@ -159,13 +159,16 @@ Short description:
- the only way to determine if a service is emulated is through a protocol probe (imagine probing protocols for 65k open ports!).
- it takes more than 8hours and 200MB of sent data in order to properly go through the reconessaince phase for your system ( nmap -sV -p - equivalent).
*Art of Active (Offensive) Defense*
***Art of Active (Offensive) Defense***
Portspoof can be used as an 'Exploitation Framework Frontend', that turns your system into responsive and aggressive machine. In practice this usually means exploiting your attackers' tools and exploits.
At the moment there are few example exploits in the configuration file (portspoof.conf)
Portspoof can be used as an 'Exploitation Framework Frontend', that turns your system into responsive and aggressive machine. In practice this usually means exploiting your attackers' tools and exploits...
*At the moment there are few example exploits in the configuration file (portspoof.conf)*
Portspoof is meant to be a lightweight, fast, portable and secure addition to the any firewall system or security system.
Portspoof is meant to be a lightweight, fast, portable and secure addition to any firewall system or security system.
The general goal of the program is to make the reconessaince phase slow and bothersome for your attackers as much it is only possible.
This is quite a change to the standard 5s Nmap scan, that will give a full view of your systems running services.
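Review bot: "At the moment there are few example exploits in the configuration file (portspoof.conf)" reads as "hardly any"; if the intent is that some are provided, write "a few". The variant ending "exploiting your attackers' tools and exploits..." trails off with an ellipsis where the reader expects a concrete statement of what the portspoof.conf examples do, so end the sentence with a period instead. Also "turns your system into responsive and aggressive machine" needs an article ("into a responsive").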
@ -194,6 +197,6 @@ Other important files
AUTHORS File with Author contact info
Changelog What I have implemented
FAQ Bug reporting and frequently asked questions
DOCS Documentation file
DOC Documentation file
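Review bot: This hunk changes the DOCS / DOC entry only in the "Other important files" list; unlike the README hunk, no "Consult the ... file" line is visible here. Make sure the compile-instructions sentence in this file uses the same file name as the list entry, and that both readme files agree on it.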