Portspoof is running but nmap -F -sV 127.0.0.1 works

drk1wi / portspoof

Portspoof

http://drk1wi.github.io/portspoof/

Other

964 stars 147 forks source link

Portspoof is running but nmap -F -sV 127.0.0.1 works #26

Closed Belval closed 6 years ago

Belval commented 6 years ago

Clean pull from master OS: Ubuntu 16.04

./configure
make
sudo make install
sudo portspoof -c /usr/local/etc/portspoof.conf -s /usr/local/etc/portspoof_signatures -D1

When I run nmap I see the process in htop but nmap -F -sV 127.0.0.1 doesn't show any spoofed port.

deatharse commented 6 years ago

Have you tried it on the external IP address instead of the loopback IP?

Belval commented 6 years ago

I have not, but the doc seemed to imply that it would work.

I will try this later today.

deatharse commented 6 years ago

Its been ages since I looked at this but the IPtables config and the init script bind the prerouting to eth0. When you try it on 127.0.0.1 that would use the lo interface instead so the prerouting rules are not applied, no?

Belval commented 6 years ago

Issue was indeed with the interface.

Thank you.

deatharse commented 6 years ago

No problem.