Page 1 of 7 123 ... LastLast
Results 1 to 10 of 65
  1. #1
    Untangler
    Join Date
    Apr 2020
    Location
    United Kingdom
    Posts
    76

    Default Sites That Scan Through The Browser

    Hi folks,

    Apologies if this isn't the correct part of the forum for this post...

    Just came across an article talking about how some sites silently do local port scans on visitors' machines via JavaScript in the browser. Was wondering what part of Untangle might alert to something like this or if it's even possible to detect/mitigate?

    Will post the links to the articles in the next post (need one more before I can add links!)

  2. #2
    Untangler
    Join Date
    Apr 2020
    Location
    United Kingdom
    Posts
    76

  3. #3
    Untangle Ninja
    Join Date
    Feb 2016
    Posts
    1,121

    Default

    Untangle can monitor only traffic that passes through it. JavaScript running on a client machine can be detected only by the outbound traffic it generates. It's not clear to me what to look for in outbound traffic.

    The first article does talk about mitigation techniques.

    What you may do about it

    If you don't want your systems to be port scanned by eBay whenever you connect to the site, you may be able to do something about it.

    1. Block the check.js script in a content blocker.
    2. In some browsers, e.g. Firefox, disable Web Sockets.

    The eBay site loads the check.js script from the following URL currently: https://src.ebay-us.com/fp/check.js

    Something like ||src.ebay-us.com^*/check.js should work.
    Blocking or flagging check.js via Untangle (Web Filter) seems like your best mitigation strategy involving Untangle.

  4. #4
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,606

    Default

    Sure Sam.

    Cool kludges, he says!

  5. #5
    Untangle Ninja
    Join Date
    Feb 2016
    Posts
    1,121

    Default



    The frosting on the cake is that eBay justify this in the name of transaction security. The end justifies the means. Every. Time.

  6. #6
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,606

    Default

    exfiltration: online-metrix.net "Computer and Internet Info"
    by ThreatMetrix, owned by LexisNexis

    https://blog.nem.ec/2020/05/24/ebay-port-scanning/
    Last edited by Jim.Alles; 05-25-2020 at 06:28 PM.
    Sam Graf and Armshouse like this.

  7. #7
    Untangle Ninja
    Join Date
    Feb 2016
    Posts
    1,121
    Last edited by Sam Graf; 05-25-2020 at 06:24 PM.

  8. #8
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,606

    Default

    well, they tried, anyway

  9. #9
    Untangle Ninja
    Join Date
    Feb 2016
    Posts
    1,121

    Default



    And with check.js blocked, the grumpiness spreads:

    Attachment 10229

    My guess is that eBay uses a JavaScript library for a limited purpose (perhaps), and then sells us.
    Last edited by Sam Graf; 05-25-2020 at 06:38 PM.

  10. #10
    Untangler
    Join Date
    Jan 2020
    Location
    San Jose, CA
    Posts
    89

    Default

    Quote Originally Posted by Sam Graf View Post
    Blocking or flagging check.js via Untangle (Web Filter) seems like your best mitigation strategy involving Untangle.
    Am I correct in assuming that this will only work with SSL inspection active?

Page 1 of 7 123 ... LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2