all ports open ?

cpghost at cordula.ws cpghost at cordula.ws
Tue Apr 12 15:52:53 PDT 2005


On Tue, Apr 12, 2005 at 08:26:50AM -0700, faisal gillani wrote:
> Well i port scanned couple of internet websites & got
> all ports open from that site , is that a security
> measure ?
> if yes how can i do that ?

First of all, to simulate an open port, all you need is a
little program that accept()s connections (on one port) and
close()s them immediately thereafter. As far as the scanner
is concerned, that port is open, because the peer completed
the TCP handshake.

The next step is to redirect every connection from blocked ports
to that program. This is best done with a firewill, like pf.
The firewall will simply pass the connection attempt along to that
accept()er/close()er program.

The technique of capturing connections and redirecting them to
some dummy (logging!) program is often used in honeypots. If the
logging program does more than just closing the connections it
accepts, it could coax some hints out of the attacker (like logging
the attempted infection vector). This is however seldom used.
Another use for that program is to be very slow after accepting
the connection, resulting in an effective tar pit.

Most firewalls simply reset blocked connections (resulting in
closed ports reports) or silently drop the packets (resulting in
"port firewalled" scan results).

> :)
> thanks
> Faisal

Cheers,
-cpghost.

-- 
Cordula's Web. http://www.cordula.ws/


More information about the freebsd-questions mailing list