Portspoof – Tool to Emulate Valid Services

There are many tools support port knocking which is a known way to stop external scanning by emulating open ports and services. Firewall or Web servers will use this technique to slow down the attack and scanning. In case you are looking for similar program you can check Portspoof.

The Portspoof program primary goal is to enhance your systems security through a set of new camouflage techniques. Techniques used to achieve this:

  • All configured TCP ports are always open

Instead of informing an attacker that a particular port is in a CLOSED or FILTERED state a system running Portspoof will return SYN+ACK for every connection attempt.
Result: As a result it is impractical to use stealth (SYN, ACK, etc.) port scanning against your system, since all ports are always reported as OPEN. With this approach it is really difficult to determine if a valid software is listening on a particular port.

  • Every open TCP port emulates a valid services

Scanning software usually tries to determine a service that is running on an open port. This step is mandatory if one would want to identify port numbers on which you are running your services on a system behind the Portspoof.

Portspoof - Tool to Emulate Valid Services

Portspoof – Tool to Emulate Valid Services

The most important features that this software has:

  1. Add some real pain to your attackers reconnaissance phase.
  2. Binds to just ONE tcp port per a running instance
  3. Marginal CPU and memory usage (multi-threaded)
  4. More than 9000 dynamic service signatures to feed your attackers scanning software

You can read and download latest release over here: https://github.com/drk1wi/

Notify of
Inline Feedbacks
View all comments