Noscript is causing router to issue a cookie

[ewodrich]

Greetings,

First I am a total newbie to noscript so I hope that some kind soul will properly answer this question.

I am noting a behaviour I have not seen prior to installing noscript in firefox.

With the WAN IP Local box checked on the ABE tab of the options dialog, any first access to the web is causing my router to request setting a cookie utilizing the external dynamic IP set by my ISP.

Is this a known behaviour and if so why is it happening?

Lacking a specific help dialog for this setting, what exactly is it doing?

Thank you in advance.

[Tom T.]

When a connection is initiated, ABE checks for the IP address assigned by your ISP, so that it can do its main job of distinguishing "outside world" from "my local network and resources".

I've never heard of an ISP setting a cookie merely because of that one-time check. Mine doesn't; in fact, my ISP never sets cookies of its own at all, unless of course I visit their web site. If you uncheck the "WAN IP" box, terminate your connection, and reconnect, does the cookie still get sent?

What happens if you use Firefox's built-in cookie permissions management to refuse the cookie?

You may wish to contact your ISP, to find out why it is trying to set a cookie, and if it is really necessary. (I. e., could they please stop doing that?)
I can speculate on some possible answers, but none make sense. Would like to hear what they say.

[ewodrich]

Greetings,

Tom, thank you for the reply. I am unsure as to whether the cookie is coming from the ISP or the router they have supplied me with. If I uncheck the box in the Noscript options the cookie is not issued to me. From what we can see of the cookie it appears that it may be getting issued by the router itself. With the box checked, any attempt to make a contact using internet services (even signing in to the router itself) results in the cookie being issued. When I have denied the cookie I don't think there has been any major problem. The ISP is Verizon. They don't seem to have policies that allow for high enough level support to help with "custom" answers. However, I will attempt to see if they may help. This is the first time I have ever seen this behaviour as well. I don't understand what it would accomplish.

Thank you again.

[Tom T.]

I am unsure as to whether the cookie is coming from the ISP or the router they have supplied me with.

Ah, so it is not a router that you yourself bought and own. Mine (which I own) does not set cookies even when I login to the router's administrative interface. (It does, however, require allowing scripting, even though there is no Internet connnection, due to script built into the firmware/interface.) Of course I am not familiar with all brands of routers, but have never heard of this situation before.

However, if the router is provided by Verizon, then they control it remotely.

From what we can see of the cookie it appears that it may be getting issued by the router itself.

Let's find out. Disconnect the router from the Internet, and login to its administrative page. Presumably, you get the cookie(s).
Open Firefox Tools > Options > Privacy and click "Show Cookies". If they are in a folder, expand (open) the folder.

Double-click each cookie in turn. My cookies from Yahoo mail identify themselves as such: (third line; content is displayed at the bottom of the cookie window)

Code: Select all

Domain: .mail.yahoo.com

Etc.

If your cookie has a domain name of Verizon, or associated with it, then we're back to asking them why. Or it may have a domain of D-Link, Linksys, Cisco, etc. Still probably motivated by Verizon and not by the manufacturer. I know and understand the frustration of not being able to get through to those with actual knowledge, as opposed to those with a reference guide in front of them.

However, if denying the cookie doesn't break anything, then simply set it as a permanent "Block" in Firefox. End of problem.

This is the first time I have ever seen this behaviour as well. I don't understand what it would accomplish.

OK, I will speculate once. The IP check by ABE is somewhat like a ping, and may be perceived as such by the ISP. This minuscule request is totally harmless, but massive floods of ping requests have been used for Denial of Service (DoS) attacks intended to overload a web site so that others cannot reach it.

If so, perhaps Verizon is setting the cookie to identify the sender, so that if multiple such requests are received from the same sender in a very short period of time, it will refuse to answer them, or perhaps block that account temporarily.

This is a long shot, but it doesn't matter. The situation as-is, with the cookie permanently denied, seems to cause no harm to either you or Verizon.
But it would be interesting to see the domain name on the cookies.

Thank you again.

You're quite welcome. Always interesting to see a phenomenon for the first time.