Please register to participate in our discussions with 2 million other members - it's free and quick! Some forums can only be seen by registered members. After you create your account, you'll be able to customize options and access all our 15,000 new posts/day with fewer ads.
I started the thread, it is about being scanned while placing an order on newegg, thus a ZA discussion is off topic
I tell you what, find me a thread on here that stayed 100% on topic and I'll remove my post, otherwise it's staying. I didn't start the ZA discussion, I just commented on it. If your skivies get in a bunch because your thread deviates from what you consider on topic, then all I can say is I wish my life was so serene that I had time to be concerened with such things!
I do have a question about how a port scan even makes it to a software firewall? It should be blocked by the hardware firewall first.
Correct, IF this just came out of the blue, but this didn't as I had a newegg webpage displayed as I was in the process of placing an order. I was actually in the checkout process when the warning appeared. Javascript embedded in the page would contact the server to run the Nmap scan, thus negating the protection SPI, (just basic NAT function provides), and one reason I only allow scripts to run on sites I should be able to trust, otherwise NoScript blocks any script execution.
Once you go to a site, and are not blocking execution of Javascript or ActiveX scripts, they are in, and they gotcha ya by the short hairs, thus the reason I use FF with NoScript, and never use IE.
Correct, IF this just came out of the blue, but this didn't as I had a newegg webpage displayed as I was in the process of placing an order. I was actually in the checkout process when the warning appeared. Javascript embedded in the page would contact the server to run the Nmap scan, thus negating the protection SPI, (just basic NAT function provides), and one reason I only allow scripts to run on sites I should be able to trust, otherwise NoScript blocks any script execution.
Once you go to a site, and are not blocking execution of Javascript or ActiveX scripts, they are in, and they gotcha ya by the short hairs, thus the reason I use FF with NoScript, and never use IE.
You see the irony in that, right? It would have had to attack through an already invoked TDP connection to make it to your computer... one that was already utilized by your browser in this case.
You see the irony in that, right? It would have had to attack through an already invoked TDP connection to make it to your computer... one that was already utilized by your browser in this case.
Yea, that's what I said, I have a very good understanding of the process having worked in networking since the early 90's, and holding a number of certifications.
I also understand the power of Javascript that may be embedded in any site I visit, thus I rely on a firewall, modified hosts file, and utilization of OpenDNS to provided additional layers of protection. But I trusted newegg, as I have used them in the past, and they apparently took advantage of that trust.
I trusted newegg, as I have used them in the past, and they apparently took advantage of that trust.
I'm tellin' ya, you're wrong. You're inferring WAY too much from an ambiguous warning from ZA.
You said something about the javascript initiating the process - well, did you LOOK at the js? Do you have ANY proof other than the ZA popup that Newegg was doing something nefarious?
I'm tellin' ya, you're wrong. You're inferring WAY too much from an ambiguous warning from ZA.
You said something about the javascript initiating the process - well, did you LOOK at the js? Do you have ANY proof other than the ZA popup that Newegg was doing something nefarious?
No, I did not say javascript initiated the process, but was explaining to someone that believed the NAT firewall should prevent any external attacks such as this, that javascript exploits are very powerful if embedded in the page, and javascript is allowed to run.
At the risk of repeating myself, but I guess necessarily, I ain't running ZA.
IP address is within newegg's range, and no I didn't run netstat to see all the specific connections and ports currently open, because I was in a bit of a hurry at the time.
Please register to post and access all features of our very popular forum. It is free and quick. Over $68,000 in prizes has already been given out to active posters on our forum. Additional giveaways are planned.
Detailed information about all U.S. cities, counties, and zip codes on our site: City-data.com.
Please register to participate in our discussions with 2 million other members - it's free and quick! Some forums can only be seen by registered members. After you create your account, you'll be able to customize options and access all our 15,000 new posts/day with fewer ads.
