Sunday, July 30, 2006

Port Scanning with JavaScript

From SPI Labs, SPI Dynamics.com

"... Imagine visiting a blog on a social site like MySpace.com or checking your email on a portal like Yahoo’s Webmail. While you are reading the Web page, JavaScript code is downloaded and executed by your Web browser. It scans your entire home network, detects and determines your Linksys router model number, and then sends commands to the router to turn on wireless networking and turn off all encryption. Now imagine that this happens to 1 million people across the United States in less than 24 hours.

This scenario is no longer one of fiction. ..."


SPI Labs has discovered a technique in which JavaScript served by an ordinary web page scans the visitor's network, fingerprints the web-enabled devices it finds (routers, printers, intranet web servers), and sends requests that attack or reconfigure those devices.

Because the script runs inside the visitor's browser, which already sits inside the perimeter, it can scan networks that a firewall shields from the outside, such as corporate intranets. All of the code is plain JavaScript and relies on nothing newer than features browsers have supported for almost ten years: the page points image or script elements at candidate host:port addresses and watches whether, and how quickly, each load succeeds, fails, or times out. The same-origin policy still stops the page from reading any response; the only signal it gets is that timing, which is enough to tell refused, answering, and silent ports apart.

Accordingly, the code runs in nearly any browser on nearly any platform the moment a user opens a page that contains it. Since it exploits no browser bug, there is nothing to patch; for the end user the only direct defense is to turn off JavaScript (or restrict which sites may run it). Note that the last step of the scenario above, sending commands to the router, works only because the device accepts the browser's forged requests, either with no login at all or with default credentials; changing the default password breaks that step even though the scan itself still succeeds.

The code can also be carried as a Cross Site Scripting (XSS) payload, so a single XSS flaw on a popular site turns every visitor's browser into a scanner of that visitor's own internal network, greatly increasing the damage XSS can do.

SPI has published a whitepaper (PDF) and a proof-of-concept page that port-scans arbitrary IP addresses using this technique.
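The following is an added illustration of the mechanism, written for this page; it is not SPI's proof of concept or any code from the whitepaper. It shows the two inferences the technique rests on: classifying a port from how the browser's Image load attempt ends (onload, a fast onerror, a slow onerror, or no event at all), and fingerprinting an HTTP device by which known image path loads. The timing thresholds, the port numbers, the signature paths and the fake network used to run it outside a browser are all assumptions made up for the example.

```javascript
// Added example of the SPI Labs technique (not SPI's proof of concept): infer
// the state of host:port from how quickly the browser's Image load attempt
// ends, then fingerprint an HTTP device by which well-known image path loads.
// Thresholds, ports and signature paths are assumptions for illustration.

// The page can never read a cross-origin response (same-origin policy); the
// only signal is whether and when onload/onerror fire, or that neither does.
const CLOSED_MAX_MS = 200;     // assumption: a refused connection errors well under this
const PROBE_TIMEOUT_MS = 2000; // assumption: give up after this with no event at all

// Map one probe outcome (which event ended it, and after how long) to a state.
function classify(eventName, elapsedMs) {
  if (eventName === 'load') return 'open';  // a real image came back: an HTTP server
  if (eventName === 'error') {
    // onerror fires both for "connection refused" (fast) and for "connected,
    // got a non-image reply" (slower); only the timing tells them apart, and
    // on a fast LAN the gap is small, so the threshold must be calibrated.
    return elapsedMs <= CLOSED_MAX_MS ? 'closed' : 'open';
  }
  return 'filtered';                         // timer expired: dropped or never answered
}

// Browser-only probe: race an Image load of http://host:port/path against a timer.
// Resolves to { event: 'load' | 'error' | 'timeout', elapsedMs }.
function imageProbe(host, port, path = '/') {
  return new Promise((resolve) => {
    const start = Date.now();
    const img = new Image();
    let settled = false;
    const finish = (event) => {
      if (settled) return;
      settled = true;
      resolve({ event, elapsedMs: Date.now() - start });
    };
    img.onload = () => finish('load');
    img.onerror = () => finish('error');
    setTimeout(() => finish('timeout'), PROBE_TIMEOUT_MS);
    // Cache-buster so a repeated scan is not answered from the browser cache.
    img.src = `http://${host}:${port}${path}?${Date.now()}`;
  });
}

// Scan a list of ports on one host, one probe at a time. `probe` is injectable
// so the logic can be exercised outside a browser (see simulatedProbe below).
async function scanPorts(host, ports, probe = imageProbe) {
  const states = {};
  for (const port of ports) {
    const { event, elapsedMs } = await probe(host, port);
    states[port] = classify(event, elapsedMs);
  }
  return states;
}

// Fingerprint an HTTP device by trying image paths unique to specific products:
// the first whose load succeeds names the device. These paths are made-up
// placeholders, not real device signatures.
const SIGNATURES = {
  'example-router-A': '/images/logo_a.gif',
  'example-router-B': '/img/banner_b.png',
};

async function fingerprint(host, port, probe = imageProbe) {
  for (const [name, path] of Object.entries(SIGNATURES)) {
    const { event } = await probe(host, port, path);
    if (event === 'load') return name;
  }
  return 'unknown';
}

// Constructed fake network for running this file under node, where Image does
// not exist: 80 is router-B's web UI (HTML at /, its banner image at the
// signature path), 8080 is HTTP but serves no image, 81 is closed (refused
// immediately), 9000 is silently dropped. Timings are invented.
function simulatedProbe(host, port, path = '/') {
  const replies = {
    80: path === '/img/banner_b.png'
      ? { event: 'load', elapsedMs: 60 }
      : { event: 'error', elapsedMs: 350 },
    8080: { event: 'error', elapsedMs: 450 },
    81: { event: 'error', elapsedMs: 5 },
    9000: { event: 'timeout', elapsedMs: PROBE_TIMEOUT_MS },
  };
  return Promise.resolve(replies[port] || { event: 'error', elapsedMs: 5 });
}

// Stand-alone demo: real Image probe in a browser, the fake network under node.
async function demo(host = '192.168.1.1') {
  const probe = typeof Image === 'undefined' ? simulatedProbe : imageProbe;
  const states = await scanPorts(host, [80, 81, 8080, 9000], probe);
  const device = states[80] === 'open' ? await fingerprint(host, 80, probe) : 'n/a';
  return { states, device };
}

demo().then((r) => console.log(JSON.stringify(r)));
```

Two practical limits are worth knowing. Browsers refuse outright to connect to a built-in list of restricted ports (21, 22, 23, 25 and others), so those cannot be probed this way at all. And the refused-versus-answered distinction rests entirely on a timing threshold, which is why a real scan has to calibrate against a host it knows is present before trusting the results.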
