{"id":4342,"date":"2025-01-03T07:20:51","date_gmt":"2025-01-02T22:20:51","guid":{"rendered":"https:\/\/matoken.org\/blog\/?p=4342"},"modified":"2025-01-03T07:20:53","modified_gmt":"2025-01-02T22:20:53","slug":"portsproof","status":"publish","type":"post","link":"https:\/\/matoken.org\/blog\/2025\/01\/03\/portsproof\/","title":{"rendered":"Open all TCP ports with Portspoof to confuse attackers"},"content":{"rendered":"<p><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"48\" height=\"48\" viewBox=\"0 0 24 24\"><rect width=\"24\" height=\"24\" fill=\"none\"\/><path fill=\"none\" stroke=\"currentColor\" d=\"M12 4.5a2 2 0 1 0 0-4a2 2 0 0 0 0 4Zm0 0v19M7 15c-2 0-3.5-1-5-3h-.5c0 4.68 3.06 8.643 7.29 10c1.21.4 2.21.5 3.085 1.5h.25C13 22.5 14 22.4 15.211 22c4.228-1.357 7.289-5.32 7.289-10H22c-1.5 2-3 3-5 3M7 7.5s2.5 1 5 1s5-1 5-1\"\/><\/svg><!-- guidance:port --><\/p>\n<div class=\"paragraph\">\n<p>Portspoof caught my eye when it came across my Mastodon timeline.<\/p>\n<\/div>\n<p><iframe src=\"https:\/\/fedibird.com\/@matsuu\/113741930822802446\/embed\" class=\"mastodon-embed\" style=\"max-width:100%;min-height:200px;border:0\" width=\"400\"><\/iframe><br \/>\n<script src=\"https:\/\/fedibird.com\/embed.js\" async=\"async\"><\/script><\/p>\n<div class=\"paragraph\">\n<p>It looks interesting, so I tried it out briefly in a local environment.<\/p>\n<\/div>\n<div class=\"ulist\">\n<ul>\n<li>\n<p><a href=\"http:\/\/drk1wi.github.io\/portspoof\/\">Portspoof &#8211; A new approach to fight back port and service scanners.<\/a><\/p>\n<\/li>\n<\/ul>\n<\/div>\n<p><!--more--><\/p>\n<div class=\"listingblock\">\n<div class=\"title\">Build Portspoof<\/div>\n<div class=\"content\">\n<pre>$ git clone https:\/\/github.com\/drk1wi\/portspoof\n$ cd portspoof\n$ .\/configure\n$ make<\/pre>\n<\/div>\n<\/div>\n<div 
class=\"listingblock\">\n<div class=\"title\">Redirect all TCP ports to Portspoof on port 4444 with iptables<\/div>\n<div class=\"content\">\n<pre>$ sudo iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 1:65535 -j REDIRECT --to-ports 4444<\/pre>\n<\/div>\n<\/div>\n<div class=\"listingblock\">\n<div class=\"title\">Start Portspoof<\/div>\n<div class=\"content\">\n<pre>$ .\/src\/portspoof -1vd\n-&gt; Generating fuzzing payloads internally!\n-&gt; Verbose mode on.\n-&gt; Syslog logging disabled.<\/pre>\n<\/div>\n<\/div>\n<div class=\"listingblock\">\n<div class=\"title\">Scan TCP 1-22 with nmap; originally only port 22 is running, but all of 1-22 show as open<\/div>\n<div class=\"content\">\n<pre>$ nmap -p 1-22 192.168.0.23\nStarting Nmap 7.95 ( https:\/\/nmap.org ) at 2025-01-03 06:50 JST\nNmap scan report for raspberrypi.AirPort (192.168.0.23)\nHost is up (0.013s latency).\n\nPORT   STATE SERVICE\n1\/tcp  open  tcpmux\n2\/tcp  open  compressnet\n3\/tcp  open  compressnet\n4\/tcp  open  unknown\n5\/tcp  open  rje\n6\/tcp  open  unknown\n7\/tcp  open  echo\n8\/tcp  open  unknown\n9\/tcp  open  discard\n10\/tcp open  unknown\n11\/tcp open  systat\n12\/tcp open  unknown\n13\/tcp open  daytime\n14\/tcp open  unknown\n15\/tcp open  netstat\n16\/tcp open  unknown\n17\/tcp open  qotd\n18\/tcp open  msp\n19\/tcp open  chargen\n20\/tcp open  ftp-data\n21\/tcp open  ftp\n22\/tcp open  ssh\n\nNmap done: 1 IP address (1 host up) scanned in 1.19 seconds<\/pre>\n<\/div>\n<\/div>\n<div class=\"listingblock\">\n<div class=\"title\">Part of the Portspoof log at that time<\/div>\n<div class=\"content\">\n<pre> new conn - thread choosen: 0 -  nr. of connections already in queue: 0\n new conn - thread choosen: 0 -  nr. of connections already in queue: 1\n new conn - thread choosen: 0 -  nr. 
of connections already in queue: 2\n new conn - thread choosen: 0 -  nr. of connections already in queue: 3<\/pre>\n<\/div>\n<\/div>\n<div class=\"listingblock\">\n<div class=\"title\">An OS scan takes as long as 46 minutes (it finishes in <code>0m43.604s<\/code> when Portspoof is not running)<\/div>\n<div class=\"content\">\n<pre>$ time sudo nmap -AO 192.168.0.23\n  :\nreal    46m1.292s\nuser    0m0.085s\nsys     0m0.017s<\/pre>\n<\/div>\n<\/div>\n<div class=\"listingblock\">\n<div class=\"title\">Looking at the Portspoof log at that time, arbitrary signatures are being output<\/div>\n<div class=\"content\">\n<pre>---\nThread nr.0 for port 17\nsignature sent -&gt; \\4c\\d8\\1a\\6d\\75\\7b\\1c\\51\\89\\5d\\4\\f1\\83\\ec\\e7\\e8\\3b\\b5\\1d\\2b\\36\\8f\\e2\\ad\\da\\75\\e1\\ac\\ec\\96\\27\\b8\\ee\\41\\a5\\65\\3c\\42\\36\\c5\\9f\\3b\\b8\\a3\\28\\20\\8c\\e2\\56\\aa\\8d\\8c\\3a\\71\\3a\\15\\e6\\9c\\42\\53\\33\\69\\c\\a2\\2b\\b1\\8\\67\\73\\3e\\ad\\14\\f8\\e5\\b7\\a0\\6\\c3\\84\\5c\\6e\\91\\68\\28\\3\\a3\\bd\\69\\bf\\00\n---<\/pre>\n<\/div>\n<\/div>\n<div class=\"paragraph\">\n<p>So it is quite interesting. Could it also be used as a tarpit?<\/p>\n<\/div>\n<div class=\"admonitionblock note\">\n<table  class=\" table table-hover\" >\n<tr>\n<td class=\"icon\">\n<div class=\"title\">Note<\/div>\n<\/td>\n<td class=\"content\">\n<div class=\"paragraph\">\n<p>For Endlessh, an SSH tarpit, see here:<\/p>\n<\/div>\n<div class=\"ulist\">\n<ul>\n<li>\n<p><a href=\"https:\/\/matoken.org\/blog\/2019\/03\/26\/use-endlessh-to-handle-ssh-connections-very-slowly-and-harass-attackers\/\">Use Endlessh to handle ssh 
connections very slowly and harass attackers \u2013 matoken&#8217;s meme<\/a><\/p>\n<\/li>\n<\/ul>\n<\/div>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<div class=\"listingblock\">\n<div class=\"title\">Environment<\/div>\n<div class=\"content\">\n<pre>$ git log --pretty=oneline -1\n89d5ecc6b681037865a4557ec8c374286302b840 (HEAD -&gt; master, origin\/master, origin\/HEAD) Merge pull request #51 from AbelLykens\/patch-1\n$ lsb_release -dr\nNo LSB modules are available.\nDescription:    Raspbian GNU\/Linux 12 (bookworm)\nRelease:        12\n$ arch\narmv7l\n$ grep ^Model \/proc\/cpuinfo\nModel           : Raspberry Pi 3 Model B Rev 1.2<\/pre>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Portspoof caught my eye when it came across my Mastodon timeline. It looks interesting, so I tried it out briefly in a local environment. Portspoof &#8211; A new approach to fight back port  
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"webmentions_disabled_pings":false,"webmentions_disabled":false,"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":4,"activitypub_interaction_policy_quote":"anyone","activitypub_status":"federated","footnotes":""},"categories":[809,6,546],"tags":[1169,1168,1167],"class_list":["post-4342","post","type-post","status-publish","format-standard","hentry","category-bookworm-raspberry-pi-os","category-linux","category-raspberry-pi-os","tag-1169","tag-nmap","tag-portsproof"],"_links":{"self":[{"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/posts\/4342","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/comments?post=4342"}],"version-history":[{"count":2,"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/posts\/4342\/revisions"}],"predecessor-version":[{"id":4344,"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/posts\/4342\/revisions\/4344"}],"wp:attachment":[{"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/media?parent=4342"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/categories?post=4342"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/tags?post=4342"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}