- cross-posted to:
- tech@kbin.social
- security@programming.dev
- privacyguides@lemmy.one
So I have two questions: first, how does a browser stop websites from scanning open ports, and second, WHY THE FUCK DO WEBSITES SCAN OPEN PORTS?
- if you use Firefox you can use this addon
- fingerprinting (i.e. tracking you), even if you delete cookies etc.
But re 1) I’m so confused, how does the browser have access to such information, never mind an addon?
I get that browsers can do way more than tcp port 80 these days, but I didn’t know it can do so much, man.
Or is that sniffing so closely related to the web site itself, i.e. is the actual web server doing it? I would expect that if someone would want to snoop on my network, they’d be using something else than a web server.
Guess I need an eli10 for modern browsers.
https://blog.nem.ec/2020/05/24/ebay-port-scanning/ this explains it pretty well, but not eli10
There are legitimate reasons to scan/connect to ports at localhost, the article even lists some (e.g. AVs)
Hm, but browser addons?
I guess I’m mainly confused because the abilities of browser extensions have been so heavily eroded over time. Can’t make an extension to manage bookmarks anymore and lots of other things. So I’m surprised it could do such things.
The screenshot in the article shows WebSocket connections from the browser, which I think is the only non-HTTP connection that web pages can make?
WebSockets always seemed a confusing technology, as they just kinda ignore the same-origin policy that has been a fundamental part of JavaScript security since JavaScript’s creation!
Yea I’ve always been weirded out by it. Thx
In the case of eBay at least, the normal uBlock Origin seems to prevent this (maybe just incidental that it blocked the loading of the port scanning script?)
Open “web developer tools”, “network” tab and browse to eBay - if uBlock Origin is turned off, after a few seconds you start to see lots of WebSocket connections as is shown in the article here. With uBlock Origin enabled, I’m not seeing those.
EDIT: Raymond confirms this [reddit link] and asks for some ideas on how to specifically block malicious connections to localhost
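Added example, not code from any poster or from the linked article: a small JavaScript guard that wraps the page's `WebSocket` constructor so that connection attempts to loopback addresses (the behaviour the devtools network tab shows above) are recorded, or refused, before they leave the page. The `scope` parameter, the `policy` values and the logged fields are assumptions of this example; it only sees the page's calls if it is installed before the page's own scripts run (e.g. from a userscript at document-start).

```javascript
// Hosts a page has no business opening sockets to from a remote origin.
const LOOPBACK_HOSTS = new Set(["localhost", "127.0.0.1", "[::1]", "0.0.0.0"]);

// Return {host, port} if `url` is a ws:// or wss:// URL aimed at loopback, else null.
function loopbackTarget(url) {
  let parsed;
  try { parsed = new URL(url); } catch { return null; }
  if (parsed.protocol !== "ws:" && parsed.protocol !== "wss:") return null;
  const host = parsed.hostname.toLowerCase();
  const isLoopback = LOOPBACK_HOSTS.has(host) || host.endsWith(".localhost") || /^127\./.test(host);
  if (!isLoopback) return null;
  return { host, port: parsed.port || (parsed.protocol === "wss:" ? "443" : "80") };
}

// Replace scope.WebSocket with a wrapper. policy is "log" (observe only) or "block".
// Returns the array that receives one entry per loopback attempt.
function installLoopbackGuard(scope, policy = "log", log = []) {
  const Original = scope.WebSocket;
  if (typeof Original !== "function") return log; // runtime without WebSocket: nothing to wrap
  function GuardedWebSocket(url, protocols) {
    const target = loopbackTarget(String(url));
    if (target) {
      log.push({ ...target, blocked: policy === "block", origin: scope.location?.origin ?? "n/a" });
      if (policy === "block") {
        const err = new Error(`loopback WebSocket to ${target.host}:${target.port} refused`);
        err.name = "SecurityError"; // mimic what the browser raises for a refused connection
        throw err;
      }
    }
    return protocols === undefined ? new Original(url) : new Original(url, protocols);
  }
  GuardedWebSocket.prototype = Original.prototype; // keep instanceof checks working
  for (const k of ["CONNECTING", "OPEN", "CLOSING", "CLOSED"]) GuardedWebSocket[k] = Original[k];
  scope.WebSocket = GuardedWebSocket;
  return log;
}

// In a browser: observe the current page. Inspect `seen` in the console after a few seconds.
const seen = installLoopbackGuard(globalThis, "log");
```

A page can still reach the unwrapped constructor (for instance from a freshly created iframe), so treat this as a way to see the probing, not as a replacement for blocking at the extension or browser layer as uBlock Origin does.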
Incompatible with Firefox on Android 😔
There are block filter lists for that too, but they’re not blocking websites that engage in that behaviour, more of the attempt-ish.
It is preferable to use a hardware firewall (e.g. pfSense) to block them from occurring with an intrusion detection/prevention system, as browsers have their limitations.
What’s the legality of this?
“Action” How am I supposed to interpret that?
Public reasons behind this behaviour according to some oligarchs:
- Fingerprinting to uniquely identify your machine for future reference.
- Attempting to determine whether your machine is part of a botnet since botnets often use VNC services over various standard ports to control their bots.
A German computer magazine (Heise) wrote about this observation and asked eBay for a statement.
eBay’s answer was:
There is some widely spread software that is either malware or legit software which can be misused to steal the eBay password. This software is listening on certain TCP ports.
By trying to establish a connection to these TCP ports, the JavaScript of the eBay website tries to find out if such software is currently running.
Now the question is, is it justifiable?
Partially fingerprinting, sure, but to this extent? No, it’s data hoarding, most likely to be sold to the highest bidder; after all, those come with vulnerable servers & infected users, or some personal endeavours (which kind? Not an answer that I’m longing for, really).
Nevertheless, you will have a lot of malicious actors that will gladly take advantage of this opportunity.