NAME
    bportmapd - portmap emulation service

SYNOPSIS
    add solaris <protocol> port 111 "perl bportmapd --proto <protocol>
    --host /honeyd/rpc/solaris-2.7 --srcip $ipsrc --dstip $ipdst --srcport
    $srcport --dstport $dport --logfile /tmp/log --logall"

DESCRIPTION
    bportmapd is a server that converts RPC program numbers into DARPA
    protocol port numbers. As in, portmap for those of you that do not read
    RFCs. This implementation of portmap can emulate pre-defined hosts by
    parsing portmap dump files (as in the output of 'rpcinfo -p <IP>').

    bportmapd can also support acting like other RPC based programs, but
    this support is limited. Currently, bportmapd can fake out a number of
    RPC based exploits.

OPTIONS
    --debug
        Increases the debug verbose level.

    --protocol <protocol>
        Sets the protocol.

    --host <hostfile>
        Sets the hosts dump file to use for emulating portmapd.

    --logfile <logfile>
        Sets the logfile.

    --logall
        Log all requests.

    --accept
        Respond with a port for any program requested. (USEFUL FOR
        HONEYPOTS!)

    --srcip
        Set the Source IP address for logs

    --dstip
        Set the Destination IP address for logs

    --srcport
        Set the Source Port for logs

    --dstport
        Set the Destination Port for logs

    If logging is enabled, then the request is logged to the logfile in
    this format:

       srcip:srcport -> dstip:dstport PAYLOAD_IN_HEX_HERE
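
    The following decoder for that log format is an added example, not
    part of bportmapd. It unpacks the hex payload as an ONC RPC call
    header and, for a portmap GETPORT call, the program being asked
    for; with proto="tcp" it also reports the record mark's
    last-fragment bit. It assumes the payload is logged as one unbroken
    run of hex digits; the function names and sample line are constructed.

```python
import re
import struct

# Portmap v2 procedure numbers (RFC 1833).
PMAP_PROCS = {0: "NULL", 1: "SET", 2: "UNSET", 3: "GETPORT", 4: "DUMP", 5: "CALLIT"}
# Assumed layout: the documented format with the payload as one run of hex digits.
LINE_RE = re.compile(r"^(\S+):(\d+) -> (\S+):(\d+) ([0-9A-Fa-f]+)$")

def skip_opaque_auth(buf, off):
    """Skip one opaque_auth: flavor, length, body padded to a 4-byte boundary."""
    _flavor, length = struct.unpack_from(">II", buf, off)
    return off + 8 + ((length + 3) & ~3)

def decode_line(line, proto="udp"):
    """Decode one log line into a dict describing the RPC call it carries."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError("not a bportmapd log line")
    rec = {"src": (m.group(1), int(m.group(2))), "dst": (m.group(3), int(m.group(4)))}
    buf = bytes.fromhex(m.group(5))
    try:
        if proto == "tcp":
            # TCP prepends a record mark: top bit = last fragment, low 31 bits = length.
            (mark,) = struct.unpack_from(">I", buf, 0)
            rec["last_fragment"] = bool(mark & 0x80000000)
            buf = buf[4:]
        xid, mtype, rpcvers, prog, vers, proc = struct.unpack_from(">6I", buf, 0)
        if mtype != 0 or rpcvers != 2:
            raise ValueError("not an RPC version 2 CALL")
        rec.update(xid=xid, prog=prog, vers=vers, proc=proc)
        if prog == 100000 and vers == 2:
            rec["proc_name"] = PMAP_PROCS.get(proc, "UNKNOWN")
            if proc == 3:
                off = skip_opaque_auth(buf, 24)   # credentials
                off = skip_opaque_auth(buf, off)  # verifier
                # GETPORT takes a mapping: prog, vers, prot, port.
                q_prog, q_vers, q_prot, _ = struct.unpack_from(">4I", buf, off)
                rec["query"] = {"prog": q_prog, "vers": q_vers, "prot": q_prot}
    except struct.error:
        raise ValueError("truncated RPC message") from None
    return rec

# Constructed sample: UDP GETPORT asking for program 100024 version 1 over UDP (17).
SAMPLE = ("192.0.2.10:1023 -> 192.0.2.20:111 "
          "12345678" "00000000" "00000002" "000186a0" "00000002" "00000003"
          "00000000" "00000000" "00000000" "00000000"
          "000186b8" "00000001" "00000011" "00000000")

if __name__ == "__main__":
    print(decode_line(SAMPLE))
```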

NOTES
    I have been using bportmapd for the last three weeks. I use it to
    emulate portmapd and RPC services with vulnerabilities for which I
    have exploits but no vulnerable servers while I am writing snort
    rules. I have been able to fool statd, tooltalk, rquota, and
    sadmind exploits into firing on bportmapd, which logs the full request
    in HEX format (which makes writing snort rules easy :)

    Unfortunately, honeyd has a few limitations that I can't work around. I
    have written support for SET/UNSET and PROXY but have not released this
    support because a program can not signal honeyd to dynamically open and
    close ports on a host. (Perhaps an idea for a patch anyone?)

    Also, honeyd has another bug in its configuration parser. Default
    commands are not handled properly. The quick and dirty workaround for
    honeypot usage is to add a configuration line for every port.

AUTHOR
    Brian Caswell <bmc@snort.org>

REPORTING BUGS
    Report bugs to <bmc@snort.org>

THANKS
    Thanks to Niels Provos for writing honeyd

COPYRIGHT
    Copyright (c) 2003 Brian Caswell

SEE ALSO
    rpcinfo(5), rpc(5), portmap(8), honeyd(8), inetd(8)

BUGS
    bportmapd doesn't handle rpc record fragmentation properly. bportmapd
    handles it gracefully (well, not really ;P) by returning an error.

