Portspoof report all your ports open

http://drk1wi.github.io/portspoof/
This seems like a odd way of dealing with potential attackers. It shows all ports as open to a network scanner, this is meant to defeat targeted port scanning and application targeting.
If I scanned a box and saw all ports open I would immediately be curious not dissuaded to have a look what is going on.

It makes sense when you think about it. You can take a more active approach to defending exploits or completely waste their time chasing a perceived opening.

1 Like

Honeypot firewall?

1 Like

Gib payload pls huehue I reprot u

This doesn’t help anything.

The times that I’ve encountered such things, they didn’t really help, or where configured in a counterproductive way. Standard services are often still found on standard ports and when all ports are open its just like most ports are closed.

Then there’s also service based scannig vs port scanning, real useful services give real useful responses. Emulated services are way too obvious to find. Port spoofing is a gimmick, its security through obscurity. And we all know how that goes. Run a proper honeypot and IDS if any at all. Secure your ports and services properly.

In secure environments with traffic logs and records, Spoofing ports can wreak utter havoc and be counter productive as you loose track of what’s actually open anymore.

2 Likes

This is definitely a security through obscurity method and we all know how well they work

Security through obscurity is fine so long as its not the sole way you would deal with security. This is a neat idea that could be really useful if implemented properly.

Can you implement it and let me know where to look I wonder what metasploit would make of it.