What can a website do? So many things these days. But, have you ever considered that it can port scan your LAN? It will fingerprint you with pinpoint precision and uncover hidden internal devices. Surely, a browser wouldn't allow that?

With this presentation, I will introduce a short primer on timing-based, browser-based port scanning using Fetch. Based on this primer, I will discuss three techniques that can scan open ports on the localhost, a NAT router’s presence on the LAN, and open ports of the clients on the LAN. A demo of the proof of concept exploit will be provided, with closing remarks on possible mitigation strategies.

DEF CON (also written as DEFCON, Defcon or DC) is a hacker convention held annually in Las Vegas, Nevada. The first DEF CON took place in June 1993 and today many attendees at DEF CON include computer security professionals, journalists, lawyers, federal government employees, security researchers, students, and hackers with a general interest in software, computer architecture, hardware modification, conference badges, and anything else that can be "hacked". The event consists of several tracks of speakers about computer- and hacking-related subjects, as well as cyber-security challenges and competitions (known as hacking wargames). Contests held during the event are extremely varied, and can range from creating the longest Wi-Fi connection to finding the most effective way to cool a beer in the Nevada heat.

Your Clocks Have Ears — Timing-Based Browser-Based Local Network Port Scanner

Conference: Defcon 31

Authors: Dongsung “Donny” Kim IT-Security Expert, Security Office part of Truesec

Abstract

Post a comment

Related work

New Ways of IPV6 Scanning

Monsters in the Middleboxes: Building Tools for Detecting HTTPS Interception

Abusing SAST tools! When scanners do more than just scanning

Detecting Malicious Files with YARA Rules as They Traverse the Network

Trust in Apple's Secret Garden: Exploring & Reversing Apple's Continuity Protocol

Breaking the Isolation: Cross-Account AWS Vulnerabilities