Portspoof
Go to file
Piotr Duszynski 34ed3e8188 1.2 release
2014-04-25 09:13:52 +02:00
auto update 2013-08-06 14:32:27 +02:00
src 1.2 release 2014-04-25 09:13:52 +02:00
system_files Update portspoof.sh 2014-01-26 11:45:23 +01:00
tools 1.2 release 2014-04-25 09:13:52 +02:00
.travis.yml Merge branch 'master' of https://github.com/drk1wi/portspoof into GITHUB_master 2013-08-06 14:49:59 +02:00
aclocal.m4 autoreconf 2013-12-31 09:19:04 -05:00
AUTHORS Fix permissions on some files 2013-09-22 04:45:26 +03:00
ChangeLog 1.2 release 2014-04-25 09:13:52 +02:00
configure 1.2 release 2014-04-25 09:13:52 +02:00
configure.in 1.2 release 2014-04-25 09:13:52 +02:00
COPYING Fix permissions on some files 2013-09-22 04:45:26 +03:00
COPYRIGHT.GPL Fix permissions on some files 2013-09-22 04:45:26 +03:00
CREDITS update minor issues. 2014-04-25 08:25:42 +02:00
DOCS 1.2 release 2014-04-25 09:13:52 +02:00
FAQ Fix permissions on some files 2013-09-22 04:45:26 +03:00
INSTALL minor adj. 2013-08-06 14:46:13 +02:00
Makefile.am Fix permissions on some files 2013-09-22 04:45:26 +03:00
Makefile.in autoreconf 2013-12-31 09:19:04 -05:00
NEWS FIXED! 2013-07-16 16:06:26 +02:00
README README update 2014-01-05 03:43:17 +01:00
README.md README update 2014-01-05 03:43:17 +01:00

#Portspoof Build Status

Effective defense against port scanners

Short description:

####Art of Annoyance

The Portspoof program primary goal is to enhance OS security through a set of few techniques:

1. All TCP ports are always open

Instead of informing an attacker that a particular port is CLOSED or FILTERED a system with Portspoof will return SYN+ACK for every port connection attempt.

As a result it is impractical to use stealth (SYN, ACK, etc.) port scanning against your system, since all ports are always reported as OPEN. Therefore, it is difficult to determine if a valid software is listening on a particular port (check out the screenshots).

2. Every open TCP port emulates a services

Portspoof has a huge dynamic service signature database, that will be used to generate valid service signatures and feed them to your offenders scanning software.

Scanning software usually tries to determine a service version that is running on an open port. This step is mandatory if one would want to identify port numbers on which you are running your services on a system behing the Portspoof. For this reason Portspoof will respond to every service probe with a valid service signature, that is dynamically generated based on a service signature regular expression database. As a result an attacker will not be able to determine which port numbers your system is truly using.

By using those two techniques together:

  • your attackers will have a tough time while trying to identify your real services.
  • the only way to determine if a service is emulated is through a protocol probe (imagine probing protocols for 65k open ports!).
  • it takes more than 8hours and 200MB of sent data in order to properly go through the reconessaince phase for your system (nmap -sV -p - equivalent).

####Art of Active (Offensive) Defense

Portspoof can be used as an 'Exploitation Framework Frontend', that turns your system into responsive and aggressive machine. In practice this usually means exploiting your attackers' tools and exploits. At the moment there are few example exploits in the configuration file (portspoof.conf)

Portspoof is meant to be a lightweight, fast, portable and secure addition to the any firewall system or security system. The general goal of the program is to make the reconessaince phase slow and bothersome for your attackers as much it is only possible. This is quite a change to the standard 5s Nmap scan, that will give a full view of your systems running services.

####Features

The most important features that Portspoof has:

  • it will add some real pain to your attackers reconessaince phase.
  • it is a userland software and does not require root privileges !
  • it binds to just ONE tcp port per a running instance !
  • it is easily customizable through your iptables rules
  • marginal CPU and memory usage (multithreaded)
  • more than 9000 dynamic service signatures to feed your attackers scanning software !

###Author: Piotr Duszynski (piotr[at]duszynski.eu) http://portspoof.org/

Follow me at @drk1wi

###License Consult the COPYING file.

###Compile instructions Consult the INSTALL file.

###Other important files

  • AUTHORS - File with Author contact info
  • Changelog - What I have implemented
  • TODO - What I am planning to implement in the upcoming versions
  • FAQ - Bug reporting and frequently asked questions

###Project Support

If you like the soft a beer would be much appreciated ;)

DogeCoin: DQiFbhbXDQ1VWR5qUPi8f6ECdn1Do45LuB BitCoin: 17gfBSbWeREEkyyA8F6V7v5ruFksxqnhBD LiteCoin: LPWMSPQv6J9zYQ7jRq7ZPv21TsoMHMnKKR