
Scanning the visitor's /24 without notice, warning, or opportunity to opt out is a dick move. Our IDS probably just lit up like a Christmas tree.



Yup. I have a honeypot on my home network that hits Twilio when it gets poked at. So the author at least got my phone to light up.


At least you know it's working!

But yeah, I echo the other commenter wanting to know more about how you set that up.


That sounds awesome, care to share a few more details?


I actually locked myself out except for console access, so some of this is from memory/Googling:

1. Connect Raspberry Pi to local LAN and get wifi set up (I VLAN wireless traffic, so I have it listening/connected to both)

2. Change iptables default policy to DROP

3. Add relevant ALLOW rules to make sure basic stuff like DHCP still works. I added an allow rule to talk to another machine that runs a PHP script that talks to Twilio

4. Spend about a week adding custom DROP rules for any normal broadcast traffic on your network (Bonjour, random auto-discovery stuff, etc.)

5. If you have properly excluded everything "normal" you should be able to run "iptables -vL" about 24 hours apart and the packet count next to the INPUT chain policy will not have incremented (remember we have a default of DENY)

6. Add a final rule of 'iptables -A INPUT -m limit --limit 2/min -j LOG --log-prefix "ZOMG: " --log-level 4'

7. Write a bash script to monitor syslog, parse the log, forward to the before-mentioned script on another host
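A sketch of step 7, as an added example rather than the commenter's own script: it parses a kernel log line carrying the "ZOMG: " prefix from step 6 into a short alert and posts it to a relay host. The relay endpoint (NOTIFY_URL) and the sample log line are assumptions/constructed for illustration.

```shell
#!/bin/sh
# Honeypot log forwarder (added example). Assumes the LOG rule from step 6 writes
# lines containing "ZOMG: " to syslog, and that a script on another host (the
# hypothetical NOTIFY_URL below) takes care of calling Twilio.
NOTIFY_URL="${NOTIFY_URL:-http://192.0.2.10/notify.php}"   # placeholder, documentation range
LOG_FILE="${LOG_FILE:-/var/log/syslog}"

# Print the value of one KEY= field from an iptables log line (empty if absent).
# $1 = log line, $2 = key name such as SRC, DPT, PROTO
field() {
    printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\([^[:space:]]*\).*/\1/p"
}

# Turn a matching kernel log line into a compact alert message.
# Returns 1 (prints nothing) for lines that are not honeypot hits.
format_alert() {
    line="$1"
    case "$line" in
        *"ZOMG: "*) ;;
        *) return 1 ;;
    esac
    src=$(field "$line" SRC)
    proto=$(field "$line" PROTO)
    dpt=$(field "$line" DPT)          # empty for ICMP and other portless protocols
    [ -n "$src" ] || return 1
    printf 'honeypot: %s -> %s/%s\n' "$src" "$proto" "${dpt:-?}"
}

# Hand the alert to the relay host; the endpoint and its "msg" parameter are assumptions.
notify() {
    curl -s -S -X POST --data-urlencode "msg=$1" "$NOTIFY_URL" >/dev/null
}

# Follow syslog and forward each new hit. Only runs when invoked as: ./honeypot.sh --watch
if [ "${1:-}" = "--watch" ]; then
    tail -n0 -F "$LOG_FILE" | while IFS= read -r line; do
        msg=$(format_alert "$line") && notify "$msg"
    done
fi
```

The step-6 rule rate-limits logging to 2/min, so a noisy scanner yields a handful of alerts rather than one per packet; the relay side is where you would add any further de-duplication.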


Very smart!

Just my 2 cents, but I feel like there might be some commercial demand for something like this if you'd ever consider packaging it.


>I actually locked myself out

Hate it when that happens to me...every week.


Sorry! Didn't think about that. It is fixed.


You should leave it in, if the whole point is to demonstrate the capabilities.

It's incredible that a webpage can do that.


I think a button would be more appropriate. Not everyone reads HN on a network they control and port scanning one's neighbors can lead to some unpleasant conversations.


Maybe it's good that more conversations around this are started so that eventually this critique is upstreamed loud enough to the browser vendors.


> It's incredible that a webpage can do that.

How so? Any site you navigate to knows your IP, and can take action based on that.


This isn't based on external IP. This is using JavaScript to make requests inside your LAN.


Yeah, I feel like samy.pl demonstrated this years ago, freaked me out and I have been running noscript ever since :D


Weirdly it's wrong for me, there are LAN IPs on the list that don't exist, and it's missing ones that do. Firefox on Ubuntu, with uBlock Origin, over WiFi.


Agreed - good on OP to raise awareness.


You should also fix the copy. You have "To prevent your browser from accessing your Device Orientation use NoScript." appear twice, the second time under "Network Scan".

Congrats on the page!


Thanks for the bug report! It is fixed ;)



