Comment by Sohcahtoa82
6 hours ago
That's an entirely different attack scenario. To succeed at that attack, my computer would already need to be running malware. At that point, they've already won.
6 hours ago
That's an entirely different attack scenario. To succeed at that attack, my computer would already need to be running malware. At that point, they've already won.
Or you visit a webpage that makes a request to an arbitrary server on an arbitrary port while not running a default-deny application firewall
I don't believe that opens a port to accept an incoming connection.
Even if it did, a web page making a request can't control the source port for the connection. They still couldn't make a local network service exposed to the Internet.
WebRTC and similar tools have existed for over a decade at this point and been abused horribly. Many common UPNP or similar daemons trust ANYTHING on the "trusted" side and will happily grant basically anything asked for because their vendors don't want customer support calls over whatever insane behavior some printer or IOT lightbulb is doing without the end user's knowledge.