Serving false signatures to attack scanners with Portspoof

Flytrap

Article from Issue 160/2014
Author(s):

The Internet is a tough place to live – especially for publicly accessible computers. A small tool called Portspoof makes port scanning a real challenge for attackers.

Seasoned attackers, and even some amateur cyber-vandals, find sport in trying to scan servers and hijack them at the same time (Figure 1). Firewalls and Intrusion Detection/Prevention systems can help, but if a single tool could truly stop all potential attacks, the Internet intrusion industry wouldn't even exist.

A professional intrusion attempt is typically preceded by reconnaissance and scanning. Many attackers simply perform a scan, which is easily automated with tools like Nmap. An attacker who discovers a firewall and similar defensive system can often guess which ports and services are worth attacking. However, a tool called Portspoof [1] intervenes to cause complications and confusion for the attacker. Portspoof answers port requests with a wild mix of signatures and payloads. This confusing and unwanted information slows down any attempted port scan, forcing the attacker to manually evaluate the results in a time-consuming process.

Portspoof was developed in 2012 by Piotr Duszynski, who calls his program a "Service Emulator and Frontend Exploitation Framework." The application is available under the GPLv2 and is implemented in C++.

[...]

Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Netfilter's Recent Module

    Netfilter’s Recent module builds a temporary blacklist to keep intruders off your network.

    more »
  • Single-Packet Port Knocking

    If you are looking for an extra layer of remote access security, try single-packet port knocking.

    more »
  • Tutorials – Server Security

    Fear not the barbarians of cyberspace, and follow our guide to shoring up your digital defenses.

    more »
  • TCP Hijacking

    It is quite easy to take a TCP connection down using a RST attack, and this risk increases with applications that need long-term connections, such as VPNs, DNS zone transfers, and BGP. We’ll describe how a TCP attack can happen, and we’ll show you some simple techniques for protecting your network.

    more »
  • Nmap Methods

    How does the popular Nmap scanner identify holes in network security? In this article, we examine some Nmap analysis techniques.

    more »
comments powered by Disqus