The interesting thing is any network service tends to open ports, and other local-only applications still tend to as well. This was de facto for windoze services for years, since they didn't have anything like Unix sockets to avoid network port usage. They usually restrict port usage only to 127.0.0.1, but if eBay or any other malicious website is using their scripts against you locally, they HAVE access to even these local-only ports.
Even iptables won't help you here since your PC IS the trusted source AND destination for the network traffic. No one blocks 127.0.0.1 going to 127.0.0.1, and apparently they are counting on that with this technique.
Even worse, I think about corporate environments where this can be used to scan for other more "internal" web resources in use in the enterprise.
Apparently nothing new though, found this 2 years ago for Halifax bank doing the same thing.
-mb
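
An added example, not part of the post above: a small audit that lists which TCP listeners on a Linux host answer on 127.0.0.1, and are therefore within reach of any script running in a local browser. It parses the `/proc/net/tcp` format (IPv4 only, little-endian host assumed); the sample table and the function names are constructed for illustration.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001 1
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20002 1
   2: 0100007F:170C 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20003 1
   3: 0100007F:D431 0100007F:170C 01 00000000:00000000 00:00000000 00000000  1000        0 20004 1
"""

TCP_LISTEN = 0x0A  # socket state code for LISTEN in /proc/net/tcp


def decode_addr(field):
    """Decode 'HEXIP:HEXPORT'; the IPv4 word is stored little-endian on x86."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def listeners_reachable_via_loopback(proc_net_tcp_text):
    """Return sorted (scope, ip, port, uid) for every LISTEN socket that
    accepts connections addressed to 127.0.0.1."""
    found = []
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 8 or int(cols[3], 16) != TCP_LISTEN:
            continue  # not a listener (e.g. an established connection)
        ip, port = decode_addr(cols[1])
        if ip.startswith("127."):
            scope = "loopback-only"      # what a network firewall never sees
        elif ip == "0.0.0.0":
            scope = "all-interfaces"     # wildcard bind also answers on loopback
        else:
            continue                     # bound to one non-loopback address
        found.append((scope, ip, port, int(cols[7])))
    return sorted(found)


if __name__ == "__main__":
    for scope, ip, port, uid in listeners_reachable_via_loopback(SAMPLE_PROC_NET_TCP):
        print(f"{scope:15} {ip}:{port} uid={uid}")
```

On a real host, pass the contents of `/proc/net/tcp` instead of the sample; each loopback-only entry is a service that needs its own authentication, since packet filtering between 127.0.0.1 and 127.0.0.1 is normally absent.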