Show HN: Open Port Checker (portchecker.co)
19 points by rk0567 on Aug 23, 2014 | 15 comments

How do you plan to prevent abuse? E.g. this website allows someone to portscan another IP without exposing their own IP. Even with a per-IP throttle, someone with a botnet can use this website to effectively portscan any one host without exposing any of their botnet's IPs.

I've been using http://www.canyouseeme.org/ for this purpose. It does have the limitation that it only allows testing the ports of the connecting IP.

Hey, that's a good point. Thanks. I'm still trying to figure out a way to prevent such abuse. Otherwise, I would have to limit the scanning to the origin IP.

Related is hxxp://portscan.me/ - which does an nmap scan on the requester. Not clickable, just in case people don't read the purpose before clicking on it. Good for quickly finding out if your port forwarding worked (and it never works).

Technically, the page checks ports that are accessible on the public side of your local router. That can be very useful in checking one's configuration for errors and unintended vulnerabilities.

A usability upgrade would be to allow port ranges; for example, I wanted to try 0-1023.

I've something like that for TODO. But I'm not sure whether that would be legal or not?

What kind of thing is legal to do once but not 65,535 times?

Google for "scan ports" and you'll discover plenty of people offering this service already.

"Sometimes, if a computer system is affected too much by a port scan, one can argue that the port scan was, in fact, a denial-of-service (DoS) attack, which is usually an offense."


Rate limit target IP subnets. 0.1 second timeout per port per IP: ten ports on one IP delays a second, one port on everything in a /24 delays 25.5 seconds. It's useful without being abusive.
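
The per-target-subnet throttle suggested in the comment above, as an added example that is not part of the thread or of portchecker.co's code. The class and method names are hypothetical, and the sketch assumes IPv4 targets and a single-process service.

```python
import ipaddress
import time

PER_PROBE_DELAY = 0.1   # seconds charged per (port, IP) probe, as in the comment
SUBNET_PREFIX = 24      # throttle key: the target's /24 (IPv4 only, an assumption)


class SubnetThrottle:
    """Serialises probes per target /24 so each probe costs PER_PROBE_DELAY."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._busy_until = {}   # subnet -> time at which its probe queue drains

    @staticmethod
    def subnet_of(target_ip):
        addr = ipaddress.IPv4Address(target_ip)   # ValueError on malformed input
        return ipaddress.ip_network(f"{addr}/{SUBNET_PREFIX}", strict=False)

    def reserve(self, target_ip, port_count):
        """Queue port_count probes against target_ip.

        Returns the seconds from now until the last probe may be sent.
        The key is the target subnet, not the requester, so requests
        arriving from many client IPs still share one queue.
        """
        if port_count < 1:
            raise ValueError("port_count must be >= 1")
        now = self._clock()
        subnet = self.subnet_of(target_ip)
        start = max(now, self._busy_until.get(subnet, now))
        finish = start + port_count * PER_PROBE_DELAY
        self._busy_until[subnet] = finish
        return finish - now


if __name__ == "__main__":
    # Constructed targets from the RFC 5737 documentation ranges.
    throttle = SubnetThrottle(clock=lambda: 0.0)   # frozen clock for the demo
    print(throttle.reserve("192.0.2.10", 10))      # ten ports on one IP
    for host in range(1, 256):                     # one port on each /24 host
        wait = throttle.reserve(f"198.51.100.{host}", 1)
    print(round(wait, 1))
```

Because the budget is keyed on the target rather than the client, spreading requests across many source addresses does not shorten the wait for any one subnet.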

You could require verification for >5 ports.

>What kind of thing is legal to do once but not 65,535 times? //

Knock on someone's door? Once is fine, more than about 20 times [in a day] is likely to be seen as a nuisance. You'd have some sort of exclusion order long before you get to 2^16 times.

Legal, yes. Annoying, maybe. You could limit your liability by only allowing scanning of the origin IP, i.e. don't allow the entry of any IP the user wants to enter. That way, the visitor is scanning only his own machine, no one else's.

Thanks, I'm also thinking of limiting the target IP to the origin IP, at least for port-range (next feature) scans.

Good tool for terminal-averse people, but I still prefer nmap

IMO, they could just get Zenmap, anyway.
