Source code and details: https://github.com/umutcamliyurt/PortTripper
How it works
On startup PortTripper:
- Scans the configured port range and builds a whitelist of ports already in use by real services (first run only).
- Draws a cryptographically random sample of up to `-maxports` ports from the range, excluding whitelisted ports. Using `crypto/rand` for selection means the open set is unpredictable to an attacker even if they know the configured range.
- Binds TCP and UDP listeners on every chosen port.
- On TCP: accepts connections, holds them open for a configurable duration, then drops them, wasting the scanner’s threads and file descriptors.
- On UDP: reads and discards datagrams without replying, so ports appear `open|filtered` to scanners rather than `closed`.
All real service ports are untouched because they are already bound before PortTripper starts, and the auto-generated whitelist tells PortTripper to skip them.
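
The whitelist and selection steps described above, as an added Go example (not PortTripper's own code and not part of the original post). The names `inUse` and `pickDecoys`, the bind-based probe for occupied ports, and the 8000-8100 range are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math/big"
	"net"
)

// inUse is an assumed probe: a TCP port that cannot be bound is treated as taken.
func inUse(port int) bool {
	l, err := net.Listen("tcp", fmt.Sprintf(":%d", port))
	if err != nil {
		return true
	}
	l.Close()
	return false
}

// pickDecoys returns up to maxPorts distinct ports from [lo, hi], skipping
// whitelisted ones, using a crypto/rand partial Fisher-Yates shuffle.
func pickDecoys(lo, hi, maxPorts int, whitelist map[int]bool) ([]int, error) {
	var pool []int
	for p := lo; p <= hi; p++ {
		if !whitelist[p] {
			pool = append(pool, p)
		}
	}
	picked := []int{}
	for i := 0; i < maxPorts && i < len(pool); i++ {
		// Uniform index in [i, len(pool)); rand.Int avoids modulo bias.
		n, err := rand.Int(rand.Reader, big.NewInt(int64(len(pool)-i)))
		if err != nil {
			return nil, err
		}
		j := i + int(n.Int64())
		pool[i], pool[j] = pool[j], pool[i]
		picked = append(picked, pool[i])
	}
	return picked, nil
}

func main() {
	whitelist := map[int]bool{}
	for p := 8000; p <= 8100; p++ { // constructed sample range
		whitelist[p] = inUse(p)
	}
	ports, err := pickDecoys(8000, 8100, 10, whitelist)
	fmt.Println(ports, err)
}
```
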


I can understand caution before adding something new in case it causes problems, but I think most of your concerns are addressed on the GitHub page.
I’d prefer this to be written in a compiled language as that would be less likely to fail due to external issues, but I think this would work for someone trying to slow down anyone once they’ve found an open port… and that’s probably the root issue.
Go isn’t compiled?
It is.
I think my wording wasn’t the best… I was implying that I preferred a compiled application over something interpreted to address the points.
There’s nothing wrong with interpreted languages. And Go is in fact compiled so…
I agree with both of your statements.
For security applications, I prefer a compiled application as it’s more difficult to alter in situ.