Portspoof - service signature obfuscator (more pain for port scanners)

[Nytro]

Portspoof - service signature obfuscator (more pain for port scanners)

From: Piotr Duszynski <piotr () duszynski eu>

Date: Sun, 05 Aug 2012 09:49:15 +0200

Hi, Short description of the soft and the concept: The portspoof program is designed to enhance OS security through emulation of legitimate service signatures on otherwise closed ports. The general goal of the program is to make the port scanning process very slow and output very difficult to interpret, thus making the attack reconnaissance phase a challenging and bothersome task. More info at: Portspoof - About Note: This is an idea that I had for a long time in mind and finally I found some time to implement it. It is still an early release and some part of the code isn't perfect, but I'll be working on that :] Cheers, Piotrek

The portspoof program is designed to enhance OS security through emulation of legitimate service signatures on otherwise closed ports. It is meant to be a lightweight, fast, portable and secure addition to the any firewall system or security infrastructure.

The general goal of the program is to make the port scanning software (Nmap/Unicornscan/etc) process slow and output very difficult to interpret, thus making the attack reconnaissance phase a challenging and bothersome task.

Here is an example nmap scan result against system running portspoof:

- default scan took about 800s (instead of 20s)

- CPU usage was at 0,5%

- memory usage was at 0,5%

- one legitimate service is running on port in range of 1-65535 - all the rest is fake

- portspoof will bind only to one port

Check portspoof in action (Live demo - will sometimes hang due to dev. process ):

nmap -sV 54.247.124.68

Portspoof is still an early work in progress and although stable and working it will require a lot of additional work (preferably along with a good beverage .

Sursa: Full Disclosure: Portspoof - service signature obfuscator (more pain for port scanners)