NopeN was written by Campbell Murray (Twitter @zyx2k) as a solution to a common problem when testing firewall rule sets. If you do not have a host that positively answers on 100% of available ports, for both TCP and UDP, as being open, how do you accurately establish the firewall rules protecting that host?

After multiple iterations, and a lot of research, Campbell has produced a solution in Ruby which uses iptables so that all 65535 ports, for both UDP and TCP traffic, are reported as open with 100% reliability when scanned with a tool such as Nmap.

Environment
NopeN was developed in a Linux environment and requires both Ruby and iptables to be installed and enabled.

Appear as though the server answers with a service on all TCP Ports
Save this script as /usr/local/bin/NopeNTCP on your Linux system, chmod +x and execute it to answer all TCP ports as open:

#!/usr/bin/env ruby

# This script was created by Campbell Murray < Twitter @zyx2k >
# When executed it will reply to any TCP connect request on any port.
# It is available for public use, modification and redistribution under the GPL license
# agreement. It is strictly NOT for commercial use.

# NOTES: This script was tested as working on an Ubuntu 11.04 32 bit server instance
# running in VirtualBox on a Fedora 16 KDE operating system. The VM has a 4GB drive and
# 1 GB of RAM. The server was installed with a GB keyboard and locale. AppArmor and ufw
# were removed and ruby1.8 installed.
# This is version 0.1 for public release.

require 'socket'

# iptables has to be modified to send all traffic to port 1.
# Forward all TCP traffic to port 1 (needs root; every run appends the rule again)
system('iptables -t nat -A PREROUTING -m tcp -p tcp -j REDIRECT --to-port 1')

# Initialise socket to listen and respond on port 1 for TCP
server = TCPServer.open(1)

# TCP server runs forever
loop {
  Thread.start(server.accept) do |client|
    # Send a banner to the client
    client.puts "Open"
    client.close
  end
}

Appear as though the server answers with UDP ports as open|filtered
Save this script as /usr/local/bin/NopeNUDP on your Linux system, chmod +x and execute it to answer all UDP ports as open:

#!/usr/bin/env ruby

# This script was created by Campbell Murray < Twitter @zyx2k >
# When executed it will make the system appear to hold every possible UDP port as open.

# It is available for public use, modification and redistribution under the GPL license
# agreement. It is strictly NOT for commercial use.

# NOTES: This script was tested as working on an Ubuntu 11.04 32 bit server instance
# running in VirtualBox on a Fedora 16 KDE operating system. The VM has a 4GB drive and
# 1 GB of RAM. The server was installed with a GB keyboard and locale. AppArmor and ufw
# were removed and ruby1.8 installed.

# This is version 0.1 for public release.

require 'socket'

# iptables has to be modified to send all traffic to port 2.
# Forward all UDP traffic to port 2 (needs root; every run appends the rule again)
system('iptables -t nat -A PREROUTING -m udp -p udp -j REDIRECT --to-port 2')

# Socket to listen on port 2 for UDP
s = UDPSocket.new
s.bind(0, 2)

# Server runs forever
loop {
  # Read up to 2 bytes of each datagram along with the sender's address
  text, sender = s.recvfrom(2)
  remote_host = sender[3]
  # The response is computed but never sent. Because the datagram is accepted
  # silently, no ICMP port-unreachable goes back and a scanner sees open|filtered.
  response = (text.to_i * 2).to_s
}

Both scripts can be run at the same time. If you want to keep a port live, e.g. SSH, then you need to place an iptables rule above the catch-all rules.

In order to make the changes permanent, should you wish them to be, follow these steps.

Firstly, remove or comment out the iptables commands in the scripts, then set the iptables rules by running the following as root:

iptables -t nat -A PREROUTING -m tcp -p tcp -j REDIRECT --to-port 1
iptables -t nat -A PREROUTING -m udp -p udp -j REDIRECT --to-port 2

Save the iptables configuration so that it can be loaded at boot, i.e. make it permanent:

iptables-save > /etc/nopen.rules

Create the file runNopeN in /etc/init.d/ and make it executable with chmod +x.

Add these lines to the file:

#!/bin/sh
iptables-restore /etc/nopen.rules
/usr/local/bin/NopeNUDP &
/usr/local/bin/NopeNTCP &

Next execute:

update-rc.d runNopeN defaults

Now, on every boot, the iptables rules from the nopen.rules file will be loaded and the two scripts, NopeNUDP and NopeNTCP, will run.
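
The following is an added example, not part of NopeN or the original page. It audits iptables-save output such as /etc/nopen.rules for the ordering requirement mentioned above: a rule that keeps a port live only takes effect if it precedes the catch-all REDIRECT for its protocol. It assumes the keep-alive rule is an ACCEPT or RETURN with --dport in nat PREROUTING; the helper names and the sample rule set are constructed for illustration.

```ruby
# Added example: audit iptables-save output for NopeN rule ordering.
# SAMPLE_RULES is constructed for illustration, not captured from a real host.
SAMPLE_RULES = <<~RULES
  *nat
  :PREROUTING ACCEPT [0:0]
  -A PREROUTING -p tcp -m tcp --dport 22 -j ACCEPT
  -A PREROUTING -p tcp -m tcp -j REDIRECT --to-ports 1
  -A PREROUTING -p udp -m udp -j REDIRECT --to-ports 2
  -A PREROUTING -p udp -m udp --dport 53 -j ACCEPT
  COMMIT
RULES

# Value following a flag in a tokenised rule, or nil if the flag is absent.
def value_after(args, flag)
  i = args.index(flag)
  i && args[i + 1]
end

# Hypothetical helper: walks nat/PREROUTING in order and, per protocol, sorts
# port-specific ACCEPT/RETURN rules into :kept (before the catch-all REDIRECT,
# so they win) and :shadowed (after it, so they never match).
# Source, interface and negated (!) matches are not modelled.
def audit_nopen_rules(text)
  report = Hash.new { |h, k| h[k] = { catch_all: false, kept: [], shadowed: [] } }
  table = nil
  text.each_line do |raw|
    line = raw.strip
    table = line[1..-1] if line.start_with?('*') # "*nat" opens a table section
    next unless table == 'nat' && line.start_with?('-A PREROUTING ')
    args = line.split
    proto = value_after(args, '-p')
    next unless proto
    target = value_after(args, '-j')
    ports = value_after(args, '--dport') || value_after(args, '--dports')
    entry = report[proto]
    if target == 'REDIRECT' && ports.nil?
      entry[:catch_all] = true
    elsif %w[ACCEPT RETURN].include?(target) && ports
      bucket = entry[:catch_all] ? :shadowed : :kept
      entry[bucket].concat(ports.split(','))
    end
  end
  report
end

if __FILE__ == $PROGRAM_NAME
  src = ARGV[0] && File.file?(ARGV[0]) ? File.read(ARGV[0]) : SAMPLE_RULES
  audit_nopen_rules(src).each { |proto, r| puts "#{proto}: #{r.inspect}" }
end
```

Pass the path of a saved rule file as the first argument to audit it instead of the sample; in the sample, TCP 22 is kept live while the UDP 53 rule sits below the catch-all and is reported as shadowed.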

We hope that this script proves to be useful to you.