Re: Ebay port scans your pc on every visit.

Top Page
Attachments:
Message as email
+ (text/plain)
+ (text/html)
+ (text/plain)
Delete this message
Reply to this message
Author: Michael Butash via PLUG-discuss
Date:  
To: Main PLUG discussion list
CC: Michael Butash
Subject: Re: Ebay port scans your pc on every visit.
The interesting thing is any network service tends to open ports, and other
local-only applications still tend to as well. This was de facto for
windoze services for years, since they didn't have anything like unix
sockets to avoid network port usage. They usually restrict port usage only
to 127.0.0.1, but if ebay or any other malicious website is using their
scripts against you locally, they HAVE access to even these local only
ports.

Even iptables won't help you here since your pc IS the trusted source AND
destination for the network traffic. No one blocks 127.0.0.1 going to
127.0.0.1, and apparently they are counting on that with this technique.

Even worse, I think about corporate environments where this can be used to
scan for other more "internal" web resources in use in the enterprise.

Apparently nothing new though, found this 2 years ago for Halifax bank
doing the same thing.

https://www.cbronline.com/news/halifax-port-scans

-mb


On Mon, May 25, 2020 at 1:24 AM Steve Litt via PLUG-discuss <
> wrote:

> On Sun, 24 May 2020 20:52:43 -0700
> Harold Hartley via PLUG-discuss <> wrote:
>
> > But I close up ports that doesn't need to be
> > open in order to make my system safe. You'd be surprised at how many
> > ports are open that can leave a system open for attacks.
>
> When you say "close up ports", do you mean make sure there's no
> executable listening at that port, firewalling that port so nothing can
> come in or out, or something else?
>
> SteveT
>
> Steve Litt
> May 2020 featured book: Troubleshooting Techniques
>      of the Successful Technologist
> http://www.troubleshooters.com/techniques
> ---------------------------------------------------
> PLUG-discuss mailing list - 
> To subscribe, unsubscribe, or to change your mail settings:
> https://lists.phxlinux.org/mailman/listinfo/plug-discuss

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss