Menu

Readme - Tutorial

SynAckFlood/PortJammer Project

SynAckFlood doesn't stop port scanners and security scanners, it tries to blind the scanner with an avalanche of false information. how?, well, when the target computer receive SYN packet to a closed port, SynAckFlood generate SYN/ACK Responce such as kernel tcp module, but parallel to it. the result is a avalanche of trash information.

There are many possible defense systems designed to stop portscanners, syn cookies, synackflood, some systems that prevent secuencial port scanner, etc. But what is the principal reason because we dont allow others to see our port list?, The principal reason is Security By Obscurity, the portscan alone are inoffensive, but are the prelude of Security Vulnerability Scan.
PortJammer/SynAckFlood also detect the "complete" sequence of SYN/SYN-ACK/ACK to an obviously unrequested port (139,135,1, etc) and NAT ip address using iptables to a special banner server. Banner server send random "stupid" banner to every port banner-scanned.

Why Security by obscurity?:

There are 2 types of possibles hackers that can damage your system:

Script Kiddie: Ok, supose that an script kiddie tries to scan your system, and have an exploit that has been released and unpatched. Immediatly, when system scan ends, your system will be comprommised.
Real Hacker: A real hacker can bypass synackflood, syn cookies and another methods. sorry. But if you have some of security by obscurity, you can see the failed attemps to hackyou while the hacker discover your system, and you can fight the attack.

The solution is: patch your system, apply very strong security policy (various security levels), and apply security by obscurity to see failed attemps to hack you.

Special geetz to: Xor511, K-Special