Aug 052012
 

Source: http://portspoof.duszynski.eu/

The portspoof program is designed to enhance OS security through emulation of legitimate service signatures on otherwise closed ports. It is meant to be a lightweight, fast, portable and secure addition to the any firewall system or security infrastructure.
The general goal of the program is to make the port scanning software (Nmap/Unicornscan/etc) process slow  and output very difficult to interpret,  thus making the attack reconnaissance phase a challenging and bothersome task.

Here is an example nmap scan result against system running portspoof:
– default scan took about 800s (instead of 20s)
– CPU usage was at 0,5%
– memory usage was at 0,5%
– only one legitimate service is running on port in range of 1-65535

Portpoof in action : Nmap output

Check portspoof in action (Live demo – will sometimes hang due to dev. process ):

nmap -sV 54.247.124.68

Portspoof is still an early work in progress and although stable and working it will require a lot of additional work (preferably along with a good beverage :)).