Software that responds as if all ports are open

CodeBloxCodeBlox Member Posts: 1,363 ■■■■□□□□□□
Does software like that provide "good" security at all? Say if someone were to use a port scanner like NMAP and I had this daemon like service running to respond to all probes on all ports as if every port was open. The NMAP scanner (the person) wouldn't know which ports were open and which weren't. Do companies use software like this and is it effective or does it bog down the system by constantly running?
Currently reading: Network Warrior, Unix Network Programming by Richard Stevens

Comments

  • MickQMickQ Member Posts: 628 ■■■■□□□□□□
    Basically like a firewall? Depends on whether or not it can have the usual attacks (buffer, stack overflow, etc) run successfully (or not!) against it. Network gurus, what say you?
  • NightShade03NightShade03 Member Posts: 1,383 ■■■■■■■□□□
    CodeBlox wrote: »
    Does software like that provide "good" security at all? Say if someone were to use a port scanner like NMAP and I had this daemon like service running to respond to all probes on all ports as if every port was open. The NMAP scanner (the person) wouldn't know which ports were open and which weren't. Do companies use software like this and is it effective or does it bog down the system by constantly running?

    You can implement thing like honeypots which simulate running services and open ports, but in reality they are just for data capture and to divert hackers/attackers away from your real systems. You could also go the other direction and use port knocking which allows you to only keep ports you know open, but have them appear closed until you "knock" first.
  • Fugazi1000Fugazi1000 Member Posts: 145
    I would say that security through obscurity is not security.

    Once a port is seen as listening, then some fingerprinting would reveal that it's not really. This would draw attention that somebody is trying to 'hide' something. If this is done as a matter of course, then techniques will develop to automatically discard the 'dummy listeners'. Back to square one, with nothing much gained.
  • CodeBloxCodeBlox Member Posts: 1,363 ■■■■□□□□□□
    Didn't really consider fingerprinting. I am an amateur coder, I was wanting to write something that did this. Polling ports for incoming traffic could be a LITTLE effective right? Or just plain useless?
    Currently reading: Network Warrior, Unix Network Programming by Richard Stevens
Sign In or Register to comment.