Serving false signatures to attack scanners with Portspoof


Article from Issue 160/2014

The Internet is a tough place to live – especially for publicly accessible computers. A small tool called Portspoof makes port scanning a real challenge for attackers.

Seasoned attackers, and even some amateur cyber-vandals, find sport in trying to scan servers and hijack them at the same time (Figure 1). Firewalls and Intrusion Detection/Prevention systems can help, but if a single tool could truly stop all potential attacks, the Internet intrusion industry wouldn't even exist.

A professional intrusion attempt is typically preceded by reconnaissance and scanning. Many attackers simply perform a scan, which is easily automated with tools like Nmap. An attacker who discovers a firewall and similar defensive systems can often guess which ports and services are worth attacking. However, a tool called Portspoof [1] intervenes to cause complications and confusion for the attacker. Portspoof answers port requests with a wild mix of signatures and payloads. This confusing and unwanted information slows down any attempted port scan, forcing the attacker to manually evaluate the results in a time-consuming process.

Portspoof was developed in 2012 by Piotr Duszynski, who calls his program a "Service Emulator and Frontend Exploitation Framework." The application is available under the GPLv2 and is implemented in C++.
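The idea of answering every probed port with some service signature can be sketched in a few lines. The following is an added illustration, not Portspoof's code: the banner list, the secret, and the hash-based selection are assumptions made for the example, and the listeners bind only to loopback on OS-chosen ports.

```python
import hashlib
import socket
import socketserver
import threading

# Constructed sample banners for illustration; not Portspoof's signature set.
SIGNATURES = [
    b"SSH-2.0-OpenSSH_6.0p1 Debian-4\r\n",
    b"220 mail.example.test ESMTP Postfix\r\n",
    b"+OK POP3 server ready\r\n",
    b"HTTP/1.0 200 OK\r\nServer: Apache/2.2.22\r\n\r\n",
]

def banner_for(port, secret=b"constructed-secret"):
    """Pick a banner that is stable per port but not guessable without the secret."""
    digest = hashlib.sha256(secret + port.to_bytes(2, "big")).digest()
    return SIGNATURES[digest[0] % len(SIGNATURES)]

class Decoy(socketserver.BaseRequestHandler):
    def handle(self):
        # Reply with the banner assigned to the local port the client reached.
        self.request.sendall(banner_for(self.request.getsockname()[1]))

def start_decoys(count):
    # Bind `count` decoy listeners on loopback, each on an OS-chosen free port.
    servers = []
    for _ in range(count):
        srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), Decoy)
        srv.daemon_threads = True
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        servers.append(srv)
    return servers

def grab(port):
    """What a banner-grabbing scanner would read from the port."""
    with socket.create_connection(("127.0.0.1", port), timeout=2) as s:
        return s.recv(256)

def demo(count=8):
    servers = start_decoys(count)
    try:
        return {s.server_address[1]: grab(s.server_address[1]) for s in servers}
    finally:
        for s in servers:
            s.shutdown()
            s.server_close()

if __name__ == "__main__":
    for port, banner in sorted(demo().items()):
        print(port, banner.splitlines()[0].decode())
```

Every listener reports as open and identifies itself as some service, so a scan result no longer tells the scanner which ports carry a real service.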

