Portspoof flips firewall design on its face

In a typical network firewall design, an effort is made to close off and block access to as many communication ports as possible. Often, in order to prevent discovery of themselves and the machines hiding behind them, firewalls are configured to drop incoming packets and make no response at all to connection requests.

This hiding game is up as soon as network services are exposed for consumption. Once access to a service is enabled, attackers can focus on and attack the ports of those services while ignoring whatever protection is running on the other ports.

Portspoof offers an interesting approach to solving this problem by flipping things around. Instead of closing down ports, all ports are kept open and responsive to query, while masquerading as a whole set of interesting but fake services. With this technique, attackers can end up having great difficulty in figuring out where your real services hide among the fake ones.

With security, the name of the game is time. Portspoof's premise is to slow attackers down enough for you, the defender, to learn of their actions and take additional protective measures.
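To make the idea concrete, here is a small Python model of the Portspoof approach. It is an added example, not code from the Portspoof project: the banner strings, the real-service map, the 5-port alert threshold and the loopback demo are all constructed assumptions. Every port "answers"; ports that carry a real service return the real banner, every other port returns a plausible fake banner chosen deterministically (so a rescan sees the same decoy service), and a source address that touches many decoy ports is flagged as a scanner, which is the "learn of their actions" half of the premise.

```python
"""Toy model of the Portspoof idea (added example, not the project's code):
every TCP port answers, ports without a real service reply with a plausible
fake banner, and sources that touch many fake ports are flagged as scanners."""
import hashlib
import socket
import threading
from collections import defaultdict

# Constructed banner pool for the example; Portspoof ships its own signature file.
FAKE_BANNERS = [
    b"SSH-2.0-OpenSSH_7.4\r\n",
    b"220 mail.example.test ESMTP Postfix\r\n",
    b"HTTP/1.0 200 OK\r\nServer: Apache/2.4.41\r\nContent-Length: 0\r\n\r\n",
    b"220 (vsFTPd 3.0.3)\r\n",
    b"+OK POP3 server ready\r\n",
    b"* OK IMAP4rev1 Service Ready\r\n",
]


class SpoofedHost:
    """Models one host on which every port looks open."""

    def __init__(self, real_services, seed=b"constructed-seed"):
        # port -> banner of a real service (constructed for the example)
        self.real_services = dict(real_services)
        self.seed = seed
        # source address -> set of decoy ports it has probed
        self.fake_hits = defaultdict(set)

    def banner_for(self, port):
        """Real ports return their real banner; every other port returns a fake
        one chosen deterministically, so a rescan sees the same 'service'."""
        if port in self.real_services:
            return self.real_services[port]
        digest = hashlib.sha256(self.seed + port.to_bytes(2, "big")).digest()
        return FAKE_BANNERS[digest[0] % len(FAKE_BANNERS)]

    def handle_probe(self, src, port):
        """Answer a probe and record it when it hit a decoy port."""
        if port not in self.real_services:
            self.fake_hits[src].add(port)
        return self.banner_for(port)

    def is_scanner(self, src, threshold=5):
        """Legitimate clients only touch real ports; touching `threshold` or
        more distinct decoy ports is a strong scan indicator (the threshold
        value is an assumption for the example)."""
        return len(self.fake_hits.get(src, ())) >= threshold


def serve_banner_once(host_model, bind_addr="127.0.0.1"):
    """Bind an ephemeral loopback port, answer one client with that port's
    banner, then close. Returns (port, thread) so a caller can connect."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((bind_addr, 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def _run():
        conn, peer = srv.accept()
        with conn:
            conn.sendall(host_model.handle_probe(peer[0], port))
        srv.close()

    thread = threading.Thread(target=_run, daemon=True)
    thread.start()
    return port, thread


def grab_banner(addr, port, timeout=2.0):
    """What a banner grab against the host sees: read until the server closes."""
    chunks = []
    with socket.create_connection((addr, port), timeout=timeout) as s:
        while True:
            data = s.recv(256)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks)


if __name__ == "__main__":
    host = SpoofedHost({22: b"SSH-2.0-OpenSSH_8.9 real service\r\n"})
    port, thread = serve_banner_once(host)
    print(f"decoy on port {port} answered:", grab_banner("127.0.0.1", port))
    thread.join(2)
    for p in range(8000, 8010):  # simulated sweep over ten decoy ports
        host.handle_probe("192.0.2.10", p)
    print("192.0.2.10 flagged as scanner:", host.is_scanner("192.0.2.10"))
```

The point the model makes is that a banner grab alone cannot tell port 22's real service from the decoys on the other ports, while the defender gets a clean signal: nobody but a scanner has a reason to touch a decoy port, so `is_scanner` fires with very few false positives.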
