
Show HN: Open Port Checker - rk0567
http://portchecker.co
======
CyberShadow
How do you plan to prevent abuse? E.g. this website allows someone to portscan
another IP without exposing their own IP. Even with a per-IP throttle, someone
with a botnet can use this website to effectively portscan any one host
without exposing any of their botnet's IPs.

I've been using [http://www.canyouseeme.org/](http://www.canyouseeme.org/) for
this purpose. It does have the limitation that it only allows testing the
ports of the connecting IP.

~~~
rk0567
Hey, that's a good point. Thanks. I'm still trying to figure out a way for
preventing such abuse. Otherwise, I would have to limit the scanning to origin
IP.

------
nwh
Related is hxxp://portscan.me/ \- which does a nmap scan on the requester. Not
a click-able just in case people don't read the purpose before clicking on it.
Good for quickly finding out if your port forwarding worked (and it never
works).

------
lutusp
Technically, the page checks ports that are accessible on the public side of
your local router. That can be very useful in checking one's configuration for
errors and unintended vulnerabilities.

------
plumeria
An usability upgrade would be to allow port ranges, for example I wanted to
try 0-1023.

~~~
rk0567
I've something like that for TODO. But I'm not sure whether that would be
legal or not ?

~~~
dsr_
What kind of thing is legal to do once but not 65,535 times?

Google for "scan ports" and you'll discover plenty of people offering this
service already.

~~~
rk0567
"Sometimes, if a computer system is affected too much by a port scan, one can
argue that the port scan was, in fact, a denial-of-service (DoS) attack, which
is usually an offense. "

[http://www.sans.org/security-
resources/idfaq/port_scanning_l...](http://www.sans.org/security-
resources/idfaq/port_scanning_legal.php)

~~~
dsr_
Rate limit target IP subnets. 0.1 second timeout per port per IP: ten ports on
one IP delays a second, one port on everything in a /24 delays 25.5 seconds.
It's useful without being abusive.

------
joeyspn
Good tool for terminal-averse people, but I still prefer nmap

~~~
robobro
IMO, they could just get Zenmap, anyway.

