Navigation



Portspoof – Spoof All Ports Open & Emulate Valid Services

Last updated: April 7, 2018 | 6,253 views

The primary goal of the Portspoof program is to enhance your system security through a set of new camouflage techniques which spoof all ports open and also emulate valid services on every port. As a result, any attackers port scan results will become fairly meaningless and will require hours of effort to accurately identify which ports have real services on and which do not.

Portspoof - Spoof All Ports Open & Emulate Valid Services

The tool is meant to be a lightweight, fast, portable and secure addition to any firewall system or security system. The general goal of the program is to make the reconnaissance phase as slow and bothersome for your attackers as possible. This is quite a change to the standard 5s Nmap scan, that will give a full view of your systems running services.


Techniques Used by Portspoof

All configured TCP ports are always open

Instead of informing an attacker that a particular port is in a CLOSED or FILTERED state a system running Portspoof will return SYN+ACK for every connection attempt, spoof all ports open.

Result: As a result it is impractical to use stealth (SYN, ACK, etc.) port scanning against your system, since all ports are always reported as OPEN. With this approach it is really difficult to determine if a valid software is listening on a particular port.

Every open TCP port emulates a valid services

Portspoof has a huge dynamic service signature database, that will be used to generate responses to your offenders scanning software service probes.

Scanning software usually tries to determine a service that is running on an open port. This step is mandatory if one would want to identify port numbers on which you are running your services on a system behind the spoofed ports. For this reason, Portspoof will respond to every service probe with a valid service signature, that is dynamically generated based on a service signature regular expression database.

Result: As a result an attacker will not be able to determine which port numbers your system is truly using.

Portspoof Port Spoofing Tool Features

The most important features that Portspoof has:

  • Portspoof is a userland software and does not require root privilege
  • Binds to just one TCP port per a running instance
  • Easily customizable through your iptables rules
  • Marginal CPU/memory usage (multithreaded)
  • More than 9000 dynamic service signatures are supported

If you choose to, Portspoof can be used as an ‘Exploitation Framework Frontend’, that turns your system into a responsive and aggressive machine. This means exploiting your attackers’ tools and exploits in response to a port scan.

You can download Portspoof here:

portspoof-v1.3.zip

Or read more here.

Share220
Tweet73
Share
Share
Buffer19
WhatsApp
Reddit
Flip
Vote
Email
312 Shares
Posted in: Countermeasures


Latest Posts:


HiddenWall - Create Hidden Kernel Modules HiddenWall – Create Hidden Kernel Modules
HiddenWall is a Linux kernel module generator used to create hidden kernel modules to protect your server from attackers.
September 7, 2019 - 105 Shares
Anteater - CI/CD Security Gate Check Framework Anteater – CI/CD Security Gate Check Framework
Anteater is a CI/CD Security Gate Check Framework to prevent the unwanted merging of filenames, binaries, deprecated functions, staging variables and more.
August 31, 2019 - 51 Shares
Stardox - Github Stargazers Information Gathering Tool Stardox – Github Stargazers Information Gathering Tool
Stardox is a Python-based GitHub stargazers information gathering tool, it scrapes Github for information and displays them in a list tree view.
August 28, 2019 - 120 Shares
ZigDiggity - ZigBee Hacking Toolkit ZigDiggity – ZigBee Hacking Toolkit
ZigDiggity a ZigBee Hacking Toolkit is a Python-based IoT (Internet of Things) penetration testing framework targeting the ZigBee smart home protocol.
August 23, 2019 - 106 Shares
RandIP - Network Mapper To Find Servers RandIP – Network Mapper To Find Servers
RandIP is a nim-based network mapper application that generates random IP addresses and uses sockets to test whether the connection is valid or not with additional tests for Telnet and SSH.
July 27, 2019 - 118 Shares
Nipe - Make Tor Default Gateway For Network Nipe – Make Tor Default Gateway For Network
Nipe is a Perl script to make Tor default gateway for network, this script enables you to directly route all your traffic from your computer to the Tor network.
July 18, 2019 - 249 Shares


One Response to Portspoof – Spoof All Ports Open & Emulate Valid Services

  1. ikobs billy April 11, 2018 at 11:50 pm #

    This is just awesome