portspoof trolling

Marius once told me about portspoof. A service to troll those who use various scanners by feeding the scanners with false results. Well, while the idea is good, I’m wary about a service like this as this is the kind of service where you wouldn’t want a buffer overflow.

Giving it a run inside a VM, I noticed something odd when using nmap’s service and version detection probes. This happened on the lower ports (1-50). Then I started to look at something that started to look like a pattern, therefore I increased the port range to include 1-50. portspoof is indeed a tool that trolls baddies and pen testers.

Ran it with:

nmap -sV --version-all -p 1-50
 

Really smooth guys, really smooth. Sometimes you have to see the big picture:
big-picture

2 thoughts on “portspoof trolling

  1. SaltwaterC Post author

    I didn’t bother to read the default conf 🙂

    However, having the appropriate monospaced font is important to see “the big picture”. Initially I thought that somehow the thing is broken, until I dumped the output to the terminal.

Leave a Reply

Your email address will not be published. Required fields are marked *