NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/
It does in order to detect when (if) you get assigned a different IP, by "fingerprinting" the first response and then comparing it with the subsequent ones.lkdsk wrote:I do understand that Noscript will connect to an outside server to determine the Wan Ip but could you provide some more information on what Noscript attempts to do by connecting to the router using the WanIp?
Thanks for the explanation. I assume because my router doesn't respond to the connection attempt that it's not able to do the proper fingerprinting however.Giorgio Maone wrote:It does in order to detect when (if) you get assigned a different IP, by "fingerprinting" the first response and then comparing it with the subsequent ones.lkdsk wrote:I do understand that Noscript will connect to an outside server to determine the Wan Ip but could you provide some more information on what Noscript attempts to do by connecting to the router using the WanIp?
This helps in keeping the WAN IP mapping up-to-date without sending frequent requests out to https://secure.informaction.com/ipecho.php (just one when you start the browser or every 24 hours).
I believe that because remote administration isn't enabled, the router tries not to accept connections it doesn't think is from the Lan.GµårÐïåñ wrote: Also, why wouldn't your router respond to it given that its port 80. If it can't make connection to that, then you wouldn't be able to browse the web. If you can browse the web, then your router allows this connection and it works just fine.
That's a good thing, because it means your router is not affected by the bug which this feature was meant to mitigate, i.e. the router accepting connections from the LAN to its WAN IP even though the remote admin interface was disabled (and therefore it wouldn't respond from the WAN).lkdsk wrote:I believe that because remote administration isn't enabled, the router tries not to accept connections it doesn't think is from the Lan.GµårÐïåñ wrote: Also, why wouldn't your router respond to it given that its port 80. If it can't make connection to that, then you wouldn't be able to browse the web. If you can browse the web, then your router allows this connection and it works just fine.
Oh, right.Giorgio Maone wrote:That's a good thing, because it means your router is not affected by the bug which this feature was meant to mitigate, i.e. the router accepting connections from the LAN to its WAN IP even though the remote admin interface was disabled (and therefore it wouldn't respond from the WAN).lkdsk wrote:I believe that because remote administration isn't enabled, the router tries not to accept connections it doesn't think is from the Lan.GµårÐïåñ wrote: Also, why wouldn't your router respond to it given that its port 80. If it can't make connection to that, then you wouldn't be able to browse the web. If you can browse the web, then your router allows this connection and it works just fine.
You are correct and I understood what you meant and Giorgio has already responded so I won't beat a dead horse here; however, doing the echo and getting you WAN IP it can ensure that a baddie doesn't spoof your router to gain access. So if you have it setup to ignore external access, just like I have mine set, then you wont have this issue and you are fine. I personally have a VPN allowing me to access my OWN machine and then once I am in there, I access my own router/LAN as if I was sitting at my desk and make any changes I need. So no need for the remote admin feature of the router to ever be activated or used. So, glad we are all on the same page and if you ever were to open it up, at least you know NS has your ass covered.lkdsk wrote:I believe that because remote administration isn't enabled, the router tries not to accept connections it doesn't think is from the Lan.
Remember, I'm referring to the connection to the router itself not https://secure.informaction.com/ipecho.php.