New Browser Tool Helps Detect Local Port Scanning by Websites

Behave! - a new browser extension - warns you against websites using scripts to conduct scans or attacks on private and local IP addresses on your network.

The background

  • In May, it was found that websites of some reputed organizations, such as TD Bank, eBay, and Citibank, port scan a visitor’s computer to detect Windows remote access programs running on it. Although the reasons behind this behavior can vary, the users subjected to it can find it a violation of their privacy.
  • Moreover, threat actors can use embedded JavaScript on websites to perform DNS rebinding attacks. 

The Behave! extension

Built by Stefano di Paola, this extension warns users of sites that exploit browser features to conduct malicious attacks or scans on a user’s computer. This extension monitors IP addresses belonging to:
  • Loopback addresses IPv4 127.0.0.1/8
  • Loopback addresses IPv6 ::1/128
  • Private Networks IPv4 10.0.0.0/8 - 172.16.0.0/12 - 192.168.0.0/16
  • Unique Local Addresses IPv6 fc00::/7

However, a bug in Behave! may cause false positives on DNS Rebinding alerts. The new bug-free version is awaiting approval from Google.
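
The check implied by the range list above, sketched as a classifier that a monitoring script could run on each request URL. This is an added example, not Behave!'s own code: the function names and sample URLs are constructed, and it goes one step beyond the list by treating IPv4-mapped IPv6 addresses as their IPv4 equivalent.

```javascript
// Added example: all names here are hypothetical, not taken from Behave!.
function parseIPv4(host) {
  const parts = host.split(".");
  if (parts.length !== 4) return null;
  const octets = parts.map((p) => (/^\d{1,3}$/.test(p) ? Number(p) : NaN));
  return octets.every((o) => o <= 255) ? octets : null;
}
// Expands the serialized IPv6 form that URL.hostname returns into 8 groups.
function parseIPv6(text) {
  const halves = text.split("::").map((h) => (h ? h.split(":") : []));
  if (halves.length > 2) return null;
  let groups = halves[0];
  if (halves.length === 2) {
    const gap = 8 - halves[0].length - halves[1].length;
    if (gap < 1) return null;
    groups = [...halves[0], ...Array(gap).fill("0"), ...halves[1]];
  }
  const ok = groups.length === 8 && groups.every((g) => /^[0-9a-f]{1,4}$/i.test(g));
  return ok ? groups.map((g) => parseInt(g, 16)) : null;
}

function classifyIPv4([a, b]) {
  if (a === 127) return "loopback-ipv4";                      // 127.0.0.1/8
  if (a === 10) return "private-ipv4";                        // 10.0.0.0/8
  if (a === 172 && (b & 0xf0) === 16) return "private-ipv4";  // 172.16.0.0/12
  if (a === 192 && b === 168) return "private-ipv4";          // 192.168.0.0/16
  return null;
}

// Returns a range label, or null for a public address or an unresolved DNS name.
function classifyHost(hostname) {
  const v4 = parseIPv4(hostname);
  if (v4) return classifyIPv4(v4);
  const g = parseIPv6(hostname.replace(/^\[|\]$/g, ""));
  if (!g) return null;
  if (g.slice(0, 7).every((x) => x === 0) && g[7] === 1) return "loopback-ipv6"; // ::1/128
  if ((g[0] & 0xfe00) === 0xfc00) return "unique-local-ipv6";                    // fc00::/7
  // IPv4-mapped ::ffff:a.b.c.d names the same host as the IPv4 address.
  if (g.slice(0, 5).every((x) => x === 0) && g[5] === 0xffff)
    return classifyIPv4([g[6] >> 8, g[6] & 255]);
  return null;
}

const classifyUrl = (url) => classifyHost(new URL(url).hostname);
// Constructed sample request targets, not captured traffic.
const SAMPLE_URLS = ["http://127.0.0.1:8080/", "http://[::1]:8080/", "http://192.168.1.1/",
  "http://172.32.0.1/", "http://[fd12:3456:789a::1]/", "http://[::ffff:10.0.0.5]/",
  "https://example.com/"];
const flagged = SAMPLE_URLS.filter((u) => classifyUrl(u) !== null);
```

A `null` result for a DNS name only means the name itself is not an IP literal; the address it resolves to still has to be checked.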

The bottom line

The bottom line is that netizens can stay aware of web security threats, especially abusive behavior from websites, by installing this extension to detect and block them.