Browser Fingerprints 101: Port Scanning

What is a Port?

In computer networking, a "port" is an abstract concept used to describe the access point on a network for specific processes or services running on a computer. Ports allow these processes or services to communicate with other computers.

Each port has a unique number, ranging from 0 to 65535. This number lets the computer know which process or service should receive the data. For example, HTTP (web pages) typically uses port 80, HTTPS (secure web pages) typically uses port 443, and the email service SMTP typically uses port 25.

The main purpose of ports is to help computers route data packets correctly to the required service or application when handling network communications. This is like having a unique door number for everyone in a building so that mail can be accurately delivered to each person.

An analogy makes the concept of a port easier to understand.

You can imagine a computer as a big house, and the ports are like the doors and windows of this house. Each door and window has a specific number, just like each port has a specific number.

When your computer needs to communicate with other computers, such as when you browse the web or watch movies online, it receives and sends information through these doors and windows (ports). Each task or service, such as web browsing, email, or online games, uses different doors and windows.

Just as the doors and windows of your house let people enter and exit, ports let data in and out. However, if all the doors and windows are open, unwelcome visitors may get into your house. Similarly, if all the ports of your computer are open, your computer may become a target for hackers. Therefore, we need to ensure that unnecessary ports are closed and that only the ports that need to be used are open, so as to ensure the security of the computer.

What is Port Scanning

Port scanning is the process of sending specific packets to the ports of a target machine and determining whether these ports are open based on the response.

Through port scanning, we can learn which services are running and which ports are open. Since network environments are very complex, different environments and targets may require different scanning methods. The main reasons are:

Firewalls and Intrusion Detection Systems: Many networks have firewalls and intrusion detection systems (IDS) that can block or detect certain types of port scans. Therefore, scanners need to use scanning techniques that are harder to detect.

Different reactions of network devices: Different network devices (such as routers, switches, servers, etc.) may have different reactions to the same scanning method. Therefore, scanners need to choose the most suitable scanning method based on the characteristics of the target device.

Purpose of the scan: Different scanning methods can provide different information. For example, TCP SYN scanning can only tell you which ports are open, while UDP scanning can tell you which ports are providing UDP services. Scanners need to choose the most suitable scanning method based on their purpose.

Resource consumption: Different scanning methods consume different system and network resources. In the case of limited resources, scanners need to choose the scanning method that consumes the least resources.

Here are some common port scanning techniques:

  • TCP SYN scan: Also known as half-open scanning, it initiates a TCP connection but does not complete the handshake process. This method is fast and difficult to detect.

  • TCP Connect scan: This is the most direct scanning method. It tries to establish a full TCP connection, and if the connection succeeds, the port is open. This method is intuitive and easy to understand, but easy to detect.

  • UDP scan: This scanning method is used to detect the status of UDP ports. Since UDP is connectionless, UDP scanning usually requires sending specific UDP packets and judging whether the port is open based on the response.

  • FIN scan: This scanning method sends a FIN packet (used to end a TCP connection) to the target port. If the port is closed, the system responds with an RST packet; if the port is open, the system ignores this packet. This method is difficult for firewalls and IDS to detect.

  • Xmas Tree scan: This scanning method sends a TCP packet containing all flag bits (like the lights on a Christmas tree). If the port is closed, the system responds with an RST packet; if the port is open, there is no response. This method is also difficult to detect.

  • Null scan: This scanning method sends a TCP packet that does not contain any flag bits. If the port is closed, the system responds with an RST packet; if the port is open, there is no response. This method is also designed to avoid detection.
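The flag patterns in the list above are also what a defender matches on. The following is an added example, not code from the original article: it labels inbound probes by their TCP flags and reports sources that touch many distinct ports. The record format, the threshold and the sample records are assumptions made for illustration.

```python
from collections import defaultdict

# The six classic TCP flag bits, as they sit in the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def classify_probe(flags):
    """Label the first segment of an unsolicited inbound flow by its flags."""
    flags &= 0x3F
    if flags == 0:
        return "null"   # no flags at all
    if flags & (FIN | PSH | URG) == (FIN | PSH | URG):
        return "xmas"   # FIN, PSH and URG lit together
    if flags == FIN:
        return "fin"    # FIN with no connection to close
    if flags == SYN:
        return "syn"    # SYN scan, connect scan or a normal client
    return "other"

def detect_scanners(records, min_ports=3):
    """Return {source: (ports, probe kinds)} for sources touching many ports.

    records: (source_ip, dest_port, tcp_flags) per first segment seen.
    min_ports is an assumed threshold; tune it to the host's normal traffic.
    """
    ports, kinds = defaultdict(set), defaultdict(set)
    for src, dport, flags in records:
        ports[src].add(dport)
        kinds[src].add(classify_probe(flags))
    return {src: (sorted(ports[src]), sorted(kinds[src]))
            for src in ports if len(ports[src]) >= min_ports}

# Constructed sample records (documentation address ranges, not real traffic).
SAMPLE = [
    ("198.51.100.7", 22, SYN), ("198.51.100.7", 80, SYN),
    ("198.51.100.7", 443, SYN), ("198.51.100.7", 3389, SYN),
    ("203.0.113.9", 21, FIN | PSH | URG), ("203.0.113.9", 23, 0),
    ("203.0.113.9", 25, FIN),
    ("192.0.2.44", 443, SYN), ("192.0.2.44", 443, SYN),  # one client, one port
]

if __name__ == "__main__":
    for src, (seen_ports, seen_kinds) in detect_scanners(SAMPLE).items():
        print(src, seen_ports, seen_kinds)
```

A lone SYN is indistinguishable from a normal connection attempt, so it only becomes a signal through the number of distinct ports one source touches.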

Port Scanning Threats

By scanning locally open ports, a website can detect which ports are open on a visitor's computer and infer which programs the user is running. We have learned that companies like Facebook, eBay, and Amazon are all using this technique.

Through port scanning, websites can know the following information:

Services running on the user's computer: For example, if ports 80 or 443 are open, it may indicate that the user is running a web server; if port 25 is open, it may indicate that the user is running a mail server.

The operating system of the user's computer: Some services usually run on specific operating systems, so by judging these services, the user's operating system can sometimes be inferred.

The network security status of the user's computer: If many unnecessary ports are open, it may indicate that the security of the user's computer is poor and more susceptible to attack.

User's network habits: For example, if some specific game or P2P download service ports are open, it may indicate that users often use these services.

To keep your personal information from leaking and to keep hackers out, you need to close unnecessary ports and prevent all threatening port scans.

How to Detect My Open Ports

Using BrowserScan Port Scanner, you can detect which ports are open on your computer. It automatically detects the IP address and scans your device, identifying open and vulnerable ports.

How to Prevent Port Scanning

Use a firewall

Most operating systems have a built-in firewall function that can be used to prevent unnecessary inbound and outbound connections. You can set firewall rules to only allow necessary ports to be open, and close or discard all others.

Use the firewall of network devices

Many routers and modems also have built-in firewall functions. You can set firewall rules to prevent port scanning.

Use anti-detect browsers

Many fingerprint browsers let you turn on port scanning protection in the browser configuration file settings, which prevents websites from detecting which ports you have open. This protection blocks scanning of all ports, but you can also whitelist specific ports that websites are allowed to scan.

Limit port opening

Only open necessary ports to reduce targets that attackers can exploit.
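To act on this advice you first need to know what is listening. The following is an added example, not code from the original article: it parses `ss -H -tln` style output and reports every listening port that is not on an allowlist, marking whether it is bound to loopback or exposed to the network. The allowlist and the sample output are constructed for illustration.

```python
import ipaddress

def parse_listeners(ss_output):
    """Return (address, port) for each LISTEN line of `ss -H -tln` output."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        # Drop IPv6 brackets and any %interface suffix, e.g. 127.0.0.53%lo.
        listeners.append((addr.strip("[]").split("%")[0], int(port)))
    return listeners

def scope(addr):
    """'loopback' if only local programs can connect, otherwise 'network'."""
    if addr == "*":  # wildcard bind: every interface
        return "network"
    return "loopback" if ipaddress.ip_address(addr).is_loopback else "network"

def unexpected_listeners(ss_output, allowed_ports):
    """Sorted (port, scope) pairs for listeners that are not on the allowlist.

    Loopback listeners are unreachable from the network, but a page running
    in the local browser can still attempt connections to them.
    """
    return sorted({(port, scope(addr))
                   for addr, port in parse_listeners(ss_output)
                   if port not in allowed_ports})

# Constructed sample of `ss -H -tln` output (not taken from a real host).
SAMPLE_SS = """
LISTEN 0 128  0.0.0.0:22        0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53  0.0.0.0:*
LISTEN 0 128  127.0.0.1:631     0.0.0.0:*
LISTEN 0 511  *:3000            *:*
LISTEN 0 128  [::]:22           [::]:*
LISTEN 0 128  [::1]:631         [::]:*
LISTEN 0 80   0.0.0.0:3306      0.0.0.0:*
"""

if __name__ == "__main__":
    for port, where in unexpected_listeners(SAMPLE_SS, {22, 53}):
        print(f"port {port}: not on allowlist ({where})")
```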
