Credit:
The information has been provided by Unmanarc.
Visit the project's homepage at: http://synackflood.unmanarc.com/
The tool can be downloaded from SourceForge: http://sourceforge.net/project/showfiles.php?group_id=101035&package_id=120220&release_id=243879
SynAckFlood does not stop port scanners and security scanners; it tries to blind the scanner with an avalanche of false information. How? When the target computer receives a SYN packet to a closed port, SynAckFlood generates a SYN/ACK response just as the kernel TCP module would, but in parallel to it. The result is an avalanche of trash information.
There are many possible defense systems designed to stop port scanners: SYN cookies, synackflood, some systems that prevent sequential port scanning, etc. But why not allow other people to see our port list? The principal reason is security by obscurity: a port scan alone is inoffensive, but it is the prelude to a security vulnerability scan. Another advantage of synackflood is that it blocks the attacker's IP address while the scan ends, also sending trash information (1K of /dev/urandom on all ports).
Portjammer basically sends a SYN/ACK response to every SYN packet that arrives at a port that is not open. This has a curious effect on scanners: all ports appear open, TCP sequence prediction fails, and some scanners crash. Portjammer also has a block policy: if you try to complete a full TCP initialization sequence (SYN-SYN/ACK-ACK) to an unsolicited port, your IP address will be redirected to the "random banner server". The random banner server sends "oldest fakes banners" for each port. On most scanners this results in a "flood" of vulnerabilities.
PortJammer was written in C++ and uses libpcap and raw sockets.
To see screenshots of several scanners which crashed due to Portjammer see: http://www.unmanarc.com/public/portjammer/
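
The response and block policy described above, modelled as a small state machine over a constructed packet trace. This is an added example, not Portjammer's own code: the `Segment`, `Action` and `JammerPolicy` names, the sample addresses and ports, and the rule that a blocked source is redirected on every port are assumptions.

```cpp
#include <cstdint>
#include <iostream>
#include <set>
#include <string>
#include <utility>
#include <vector>

// Constructed model of a sniffed TCP segment (hypothetical, not Portjammer's types).
struct Segment { std::string src; uint16_t dport; bool syn; bool ack; };
enum class Action { PassToKernel, SendSynAck, RedirectToBanner };

struct JammerPolicy {
    std::set<uint16_t> open;                             // ports with real services
    std::set<std::pair<std::string, uint16_t>> pending;  // SYNs answered with a fake SYN/ACK
    std::set<std::string> blocked;                       // sources sent to the banner server
    Action decide(const Segment& s) {
        // Assumption: once blocked, a source is redirected on every port.
        if (blocked.count(s.src)) return Action::RedirectToBanner;
        if (open.count(s.dport)) return Action::PassToKernel;  // leave real services alone
        auto key = std::make_pair(s.src, s.dport);
        if (s.syn && !s.ack) {  // SYN to a closed port: claim it is open
            pending.insert(key);
            return Action::SendSynAck;
        }
        if (s.ack && !s.syn && pending.erase(key) > 0) {  // SYN-SYN/ACK-ACK completed
            blocked.insert(s.src);
            return Action::RedirectToBanner;
        }
        return Action::PassToKernel;
    }
};

// Constructed trace: 192.0.2.10 sends bare SYNs, 192.0.2.20 completes a handshake.
std::vector<Action> run_sample(JammerPolicy& p) {
    const std::vector<Segment> trace = {
        {"192.0.2.10", 80, true, false},    // open port
        {"192.0.2.10", 8080, true, false},  // closed port
        {"192.0.2.20", 8080, true, false},  // closed port
        {"192.0.2.20", 8080, false, true},  // final ACK of the handshake
        {"192.0.2.20", 22, true, false},    // source is now blocked
    };
    std::vector<Action> out;
    for (const auto& s : trace) out.push_back(p.decide(s));
    return out;
}

int main() {
    JammerPolicy p{{22, 80}, {}, {}};
    for (Action a : run_sample(p)) std::cout << static_cast<int>(a) << '\n';
}
```

A source that only sends SYNs never enters the blocked set; only the source that completes the handshake to a closed port is moved to the banner server.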