LAND DoS

[solistic]

Ever since I updated NoScript to v.2, I have been receiving reports from my router suggesting that I have become the victim of a LAND DoS attack. This report (three copies) would be generated every time I started Firefox.

Message: LAND
Source: xx.xxx.164.33, 1316
Destination:xx.xxx.164.33, 80 (from ATM1 Inbound)

Eventually, I traced it to Noscript, and have now uninstalled v.2 and reverted to v.1.9.9.97. It seems to be related to the ABE feature.

What, I would like to know, is actually going on here? Noscript appears to be generating traffic, which is then being returned (and blocked by my router). It was certainly unexpected and has caused me a considerable amount of disruption in trying to get to the root of the problem.

[Guest]

http://hackademix.net/2010/07/28/abe-pa ... ur-routers

[Giorgio Maone]

You may also be interested in http://forums.informaction.com/viewtopi ... 362#p20362

On a side note, a request of a few bytes every 5 minutes from a LAN PC hardly qualifies as a "DOS", however next version will raise the default interval to 15 mins...

[solistic]

You may also be interested in http://forums.informaction.com/viewtopi ... 362#p20362

On a side note, a request of a few bytes every 5 minutes from a LAN PC hardly qualifies as a "DOS", however next version will raise the default interval to 15 mins...

Thank you. I have already seen this post. However, the issue of a few bytes every five or fifteen minutes is irrelevant. What is relevant is the fact that I have spent three unproductive days trying to figure out what was going on, so it is not helpful to be so dismissive of my concerns. All I knew was that something was happening, but what exactly it was I did not know.

I note somewhere that you defend the activities of the ABE feature by saying that it is documented within the EULA. We all know that, generally, the EULA is as useful as an igloo in the desert, even when first installing a program. It becomes even less useful when upgrading. As it happens, I was not aware of the EULA being presented to me, either during installation or upgrade. Referring to an EULA as a defence, smacks of the sort of defense that dodgy software marketers employ to justify the existence of their unwanted products - it is certainly not to be expected in reference to a supposedly reliable security software product.

I originally installed Noscript because it was designed to prevent unwanted scripts from running in web pages. That is what i wanted, and is still what I want. The fact that Noscript now appears to be communicating with and testing router defences, without authorisation or knowledge of the network owner, suggests to me that the Noscript developers have lost their way and are permitting 'function creep' into their product. The product is in danger of becoming bloatware.

I run my own computer repair business, and I am in a position to recommend software to a large number of people. In fact, i have in the past, recommended Noscript to my customers, but I shall be reconsidering that advice, in light of my experiences and your dismissive attitude.

[Giorgio Maone]

Thank you. I have already seen this post. However, the issue of a few bytes every five or fifteen minutes is irrelevant. What is relevant is the fact that I have spent three unproductive days trying to figure out what was going on, so it is not helpful to be so dismissive of my concerns. All I knew was that something was happening, but what exactly it was I did not know.

That's exactly why I've added the User Agent modification which I was talking about in that post which you claimto have already seen.
If I was "dismissive", I wouldn't have further change this feature in order to help people in your position to quickly figure out what's going on even if they don't read NoScript's release notes, the privacy policy and the news articles about this feature which were published, for instance, on The Register and Heise.

I note somewhere that you defend the activities of the ABE feature by saying that it is documented within the EULA.

NoScript is free software, and as such has no EULA whatsoever. Maybe you mean the Privacy Policy? Or the release notes? or my blog? or the news announcing the new feature?

Furthermore, I don't need to "defend" the activities of ABE. I could as well leave them as they were before, but in the light of the widespread router flaw they wouldn't have been as effective as originally specified anymore, hence from my point of view (and the point of view of users which relied on it for intranet security) that was a bug in need of a fix.
On a side note, this feature which according to you I should need to "defend", did cost me an auto-inflicted initial DOS and still costs me lots of traffic GB and CPU cycles because of the millions of ipecho pings my servers gets daily in order to ensure its reliability. If I was motivated by anything else than making NoScript an effective security tool I would much better (financially speaking) drop this feature right now.

The fact that Noscript now appears to be communicating with and testing router defences, without authorisation or knowledge

This is not a fact, it's just your speculation. NoScript is just reading whatever responds on the WAN IP, in order to detect changes and have a hint about that IP being reassigned to a different user.
That's not "testing router defences", it's just taking a necessary step to defend your LAN.

I run my own computer repair business, and I am in a position to recommend software to a large number of people. In fact, i have in the past, recommended Noscript to my customers, but I shall be reconsidering that advice, in light of my experiences and your dismissive attitude.

I'm grateful for the word you spread in the past and sad for you reconsidering that, but you can't call me "dismissive", because I pointed you to a way to disable this feature if it really was a concern, tried to give as much publicity as possible to this feature (without making it opt-in because 99% of users, if asked by a prompt, wouldn't have easily figured out what was best to choose) and already changed it in order to be easier to discover even for those who don't read software documentation.