←back to thread

I can see your local web servers

(http.jameshfisher.com)
652 points jamesfisher | 10 comments | 28 May 19 07:57 UTC | HN request time: 0.366s | source | bottom
1. jsty ◴[28 May 19 09:25 UTC] No.20028486[source]
"If you see any results like 192.168.0.4:3000 is available!, you should tell your colleague to secure whatever she has running on that port"

Someone's going to access this page at $BIGCORP with an overly trigger-happy IDS and get a fun morning meeting with IT to un-quarantine their machine.

replies(2): >>20028575 #>>20030080 #
2. chrisan ◴[28 May 19 09:46 UTC] No.20028575[source]
edit: I am a dolt. Thank you :)

I got this address as well, do you have anything running on .4?

It's just weird because I have .1 router, .2 AP, .3 pi-hole

then .10 is when I start my static IPs

and .100 is where my dhcp starts

nmap says that host is down as well

replies(3): >>20028611 #>>20028616 #>>20028661 #
3. coob ◴[28 May 19 09:53 UTC] No.20028611[source]
That just the example in the description, not the scan results.
4. jsty ◴[28 May 19 09:54 UTC] No.20028616[source]
I think that's just the hardcoded example in the text, considering it's still there when I viewed with no scripts enabled (and I'm on a network that doesn't have anything assigned in 192.168.0.0/16).
5. hanslet ◴[28 May 19 10:05 UTC] No.20028661[source]
The page is using JavaScript with the JS WebRTC interface RTCPeerConnection[0]. Maybe that can help.

[0] https://developer.mozilla.org/en-US/docs/Web/API/RTCPeerConn...

6. nostalgk ◴[28 May 19 14:02 UTC] No.20030080[source]
Yup, excited for the meeting. Haven't seen those guys in a while.

Was expecting to learn some security techniques, instead got essentially port scanned :)

replies(1): >>20031596 #
7. jschwartzi ◴[28 May 19 16:21 UTC] No.20031596[source]
Whereas I'm learning that my network is fairly secure against this type of port scanning.
replies(2): >>20031895 #>>20032747 #
8. ◴[28 May 19 16:49 UTC] No.20031895{3}[source]
9. nostalgk ◴[28 May 19 18:09 UTC] No.20032747{3}[source]
Of course, mine was too. I'm sure in part due to the diligent security team that will be stopping by my desk in the next few days!
replies(1): >>20035685 #
10. jschwartzi ◴[29 May 19 00:07 UTC] No.20035685{4}[source]
Since I work from home I'm both the security team and the guy who inadvertently ran a port scanner in his web browser.