Portspoof flips firewall design on its head

In a typical network firewall design, an effort is made to close off and block access to as many communication ports as possible. Often, to prevent discovery of themselves and the machines hiding behind them, firewalls are configured to drop incoming packets and make no response to connection attempts.

This hiding game is up as soon as one exposes network services for consumption. When access to network services is enabled, a port scan of the host returns a handful of open ports among thousands of silent ones, and attackers can concentrate on exactly those ports while ignoring whatever protection runs on the rest.

Portspoof offers an interesting approach to this problem by flipping things around. Instead of closing ports down, every port is kept open and answers queries, each one masquerading as one of a large set of interesting but fake services. With this technique, a full scan reports thousands of apparently open ports instead of a handful, and attackers can have great difficulty working out where your real services hide among the fake ones.
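To make the mechanism concrete, here is an added simulation of the idea; it is not Portspoof's own code. Every listening port answers a connecting client with a plausible but fake banner, chosen deterministically from a constructed signature list, so that a banner grab on any port returns something that looks like a live service and a rescan sees the same one. Portspoof covers all ports by having the firewall redirect the whole TCP port range to a single listener; this example, which needs no root privileges, binds individual listeners instead. The banner strings, the SHA-256 port-to-banner mapping, and the function and class names are assumptions of this example.

```python
"""Added illustration of banner spoofing: every bound port answers with a
plausible fake service banner, chosen per port so rescans stay consistent.
This is example code, not Portspoof's implementation."""
import hashlib
import socket
import threading

# Constructed sample banners for the illustration (assumption: a tiny
# signature set; a real deployment would use a much larger one).
FAKE_BANNERS = [
    b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n",
    b"220 mail.example.com ESMTP Postfix\r\n",
    b"HTTP/1.1 200 OK\r\nServer: Apache/2.4.57\r\nContent-Length: 0\r\n\r\n",
    b"220 (vsFTPd 3.0.5)\r\n",
    b"+OK Dovecot ready.\r\n",
    b"* OK IMAP4rev1 Service Ready\r\n",
    b"RFB 003.008\n",
    b"-ERR wrong number of arguments for 'auth' command\r\n",
]


def pick_banner(port: int) -> bytes:
    """Map a destination port to a banner. Hashing the port keeps the choice
    stable across rescans (a banner that changes between scans is a tell)
    while still spreading the fake services across the whole port range."""
    digest = hashlib.sha256(port.to_bytes(2, "big")).digest()
    return FAKE_BANNERS[int.from_bytes(digest[:4], "big") % len(FAKE_BANNERS)]


class Spoofer:
    """Binds one listener per requested port (0 = any free port) and answers
    every connection on it with that port's banner, then closes."""

    def __init__(self, ports, host="127.0.0.1"):
        self._stop = threading.Event()
        self._listeners = []
        self.ports = []
        for p in ports:
            ls = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            ls.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            ls.bind((host, p))
            ls.listen(16)
            bound = ls.getsockname()[1]
            threading.Thread(
                target=self._serve, args=(ls, pick_banner(bound)), daemon=True
            ).start()
            self._listeners.append(ls)
            self.ports.append(bound)

    def _serve(self, listener, banner):
        listener.settimeout(0.5)  # wake up periodically to notice stop()
        while not self._stop.is_set():
            try:
                conn, _ = listener.accept()
            except socket.timeout:
                continue
            except OSError:  # listener closed by stop()
                return
            with conn:
                conn.sendall(banner)  # speak first, like a real server would

    def stop(self):
        self._stop.set()
        for ls in self._listeners:
            ls.close()


def probe(host: str, port: int, timeout: float = 2.0) -> bytes:
    """What a scanner's passive banner grab sees: connect, send nothing,
    read until the server closes the connection."""
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as s:
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks)


if __name__ == "__main__":
    spoofer = Spoofer([0, 0, 0, 0])  # four ephemeral "fake" services
    for p in spoofer.ports:
        print(p, probe("127.0.0.1", p))
    spoofer.stop()
```

Two points to check when deploying something like this for real: the fake banners must stay consistent between scans, which the per-port hash above provides, and a scanner that sends protocol-specific probes rather than merely reading the greeting needs matching replies, which a single greeting line like the ones here does not supply.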

In security, the name of the game is time. Portspoof’s premise is to slow attackers down enough for you, the defender, to learn of their actions and take additional protective measures.
