Active Defense: Portspoof (and lifehacking: food)

So, first of all, fire up Flash Video Downloader (the Firefox plugin). Surf over to and click the blue down arrow next to your address bar, and go to “Favorite Scene…” | “Copy URL to Clipboard.” Open up VLC, and hit Ctrl-N and then Ctrl-V.

Enjoy the scene.*

Now that you get the idea, check out Portspoof as a defensive security idea.

When some ne’er-do-well runs nmap or some other reconnaissance tool against your server or desktop, usually the responses are pretty telling. The attacker can often tell a great deal about the computer, just by which ports it responds on and which it doesn’t. But… what if it simply responds to everything?

All of a sudden the attacker’s job becomes much more difficult — it’s not clear which responses are real, if any. They now have to do their recon via another channel. In the process of learning this, they may have made enough “noise” on your network to be detected.
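An added example (not from the original post or from the Portspoof project) of turning that noise into an alert: when every port answers, any source that touches several ports hosting no real service is scanning. The log format, the list of real ports, the window and the threshold are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

REAL_PORTS = {22, 443}          # assumption: the only ports with real services
WINDOW = timedelta(seconds=60)  # assumption: look-back window per source
THRESHOLD = 5                   # assumption: distinct decoy ports before alerting

# Constructed sample: connection log of a host that answers on every port.
SAMPLE_LOG = """\
2024-05-01T12:00:00 src=198.51.100.20 dport=443
2024-05-01T12:00:01 src=203.0.113.7 dport=21
2024-05-01T12:00:01 src=203.0.113.7 dport=23
2024-05-01T12:00:02 src=203.0.113.7 dport=25
2024-05-01T12:00:03 src=203.0.113.7 dport=443
2024-05-01T12:00:03 src=203.0.113.7 dport=110
2024-05-01T12:00:04 src=203.0.113.7 dport=3306
2024-05-01T12:00:30 src=192.0.2.50 dport=8080
2024-05-01T12:05:00 src=192.0.2.50 dport=8081
"""

def parse(line):
    """Split 'TIMESTAMP src=IP dport=N' into (datetime, ip, port)."""
    ts, src, dport = line.split()
    return datetime.fromisoformat(ts), src.split("=", 1)[1], int(dport.split("=", 1)[1])

def find_scanners(lines, real_ports=REAL_PORTS, window=WINDOW, threshold=THRESHOLD):
    """Return {src: (first_alert_time, decoy_ports)} for sources that touch
    `threshold` or more distinct decoy ports inside one `window`."""
    recent = defaultdict(deque)  # src -> (time, port) decoy hits still in window
    alerts = {}
    for line in lines:
        if not line.strip():
            continue
        ts, src, port = parse(line)
        if port in real_ports:
            continue  # traffic to a real service says nothing about scanning
        hits = recent[src]
        hits.append((ts, port))
        while ts - hits[0][0] > window:
            hits.popleft()  # forget hits older than the window
        distinct = sorted({p for _, p in hits})
        if len(distinct) >= threshold and src not in alerts:
            alerts[src] = (ts, distinct)
    return alerts

if __name__ == "__main__":
    for src, (when, ports) in find_scanners(SAMPLE_LOG.splitlines()).items():
        print(f"{when.isoformat()} possible scan from {src}: decoy ports {ports}")
```

The client that only uses port 443 and the one that hits two decoy ports minutes apart stay below the threshold; only the source sweeping five decoy ports in a few seconds is reported.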

Portspoof also integrates well with “active defense” tools to automatically exploit vulnerabilities in the /attacker’s/ tools, in a sense pwning them when they try to pwn you. This, however, is a very advanced technique best implemented only after consulting a net-savvy attorney.

Of course, the principle can be applied in many more sophisticated ways than simply responding on every port.

* Note that this is a “Flash required” video, but for you, Swiss-cheese-security Flash was not required. Nor did you suffer through random blinky YouTube distractions, or tell YouTube where you paused the video or scrolled back or stopped watching. If you had any trouble, click the down-triangle next to the blue arrow, click on “File Types,” and un-check all Video-types except for .mp4.

Lifehacking: Just for the record, sardines are awesome. On a slice of bread with some lemon juice and garlic… you’ll figure out pretty fast why they’re called a “superfood.”

“Art of Annoyance and Camouflage

The Portspoof program’s primary goal is to enhance OS security through a set of techniques that will slow down and keep your attackers out from staying low profile during their reconnaissance against your system(s).

By default the attacker’s reconnaissance phase should be time consuming and easily detectable by your intrusion detection systems…

Art of Active (Offensive) Defense

Portspoof can also be used as an ‘Exploitation Framework Frontend’, that turns your system into a responsive and aggressive machine. In practice this means that your server will be able to exploit your attackers’ tools and exploits in an automated manner. This approach is purely based on Active (Offensive) Defense concepts.

Portspoof is meant to be lightweight, configurable, fast and secure (if it’s not – please let me know). Check it out:

Run your favorite port scanning tool for to see the results: nmap -sV -v”
