The general goal of the program is to make the port-scanning process (Nmap, Unicornscan, etc.) slow and its output very difficult to interpret, turning the attack reconnaissance phase into a challenging and bothersome task.
Here is an example Nmap scan result against a system running portspoof:
– default scan took about 800s (instead of 20s)
– CPU usage was at 0.5%
– memory usage was at 0.5%
– one legitimate service is running on a port in the range 1-65535; all the rest are fake
– portspoof will bind only to one port
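
The last two points can be realized on Linux by redirecting every TCP port except the legitimate one to the single decoy listener in the nat table. The generator below is an added example, not part of the original page or the portspoof project; the interface `eth0`, listener port `4444` and legitimate port `22` are assumed sample values, and the rules are only printed so they can be reviewed before being applied as root.

```shell
#!/bin/sh
# Print iptables NAT rules that send all TCP ports except the legitimate
# ones to one decoy listener. Nothing is applied; review the output first.
# Assumed sample values (not from the page): eth0, port 4444, port 22.

emit_rule() {
    # $1 = interface, $2 = first port, $3 = last port, $4 = listener port
    printf 'iptables -t nat -A PREROUTING -i %s -p tcp -m tcp --dport %s:%s -j REDIRECT --to-ports %s\n' \
        "$1" "$2" "$3" "$4"
}

portspoof_rules() {
    iface=$1
    listen=$2
    shift 2

    # Reject anything that is not a port number in 1..65535.
    for p in "$listen" "$@"; do
        case $p in
            ''|*[!0-9]*) echo "invalid port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2
            return 1
        fi
    done

    # Walk the legitimate ports in ascending order and emit one redirect
    # rule for each gap between them, so real services stay reachable.
    start=1
    for p in $(printf '%s\n' "$@" | sort -n -u); do
        if [ "$p" -gt "$start" ]; then
            emit_rule "$iface" "$start" $((p - 1)) "$listen"
        fi
        start=$((p + 1))
    done
    if [ "$start" -le 65535 ]; then
        emit_rule "$iface" "$start" 65535 "$listen"
    fi
}

# Sample run: SSH on port 22 is the one legitimate service.
portspoof_rules eth0 4444 22
```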